CVE advisoryCRITICAL
CVE-2022-28118
SiteServer CMS Arbitrary Code Execution Via Crafted Plugin
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical vulnerability in SiteServer CMS allows attackers to execute arbitrary code by uploading a crafted plug-in. This could impact system integrity and availability if the plug-in management features are reachable. It is important to determine if this technology is in use to assess potential exposure.