NVD disclosure day

Published threat advisories for November 10, 2022

CVE advisoryCRITICAL

CVE-2022-44088

ESPCMS INPUT_ISDESCRIPTION Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical remote code execution vulnerability exists in ESPCMS's INPUT_ISDESCRIPTION component. If reachable, an unauthenticated attacker could exploit this flaw over the network to execute arbitrary code, potentially compromising system integrity and availability.

CVE advisoryCRITICAL

CVE-2022-44087

ESPCMS UPFILE_PIC_ZOOM_HIGHT Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A remote code execution vulnerability exists in ESPCMS's UPFILE_PIC_ZOOM_HIGHT component, allowing unauthenticated network access for potential system compromise. This could lead to significant data breaches and service disruptions for organizations using ESPCMS for their web presence.