Cyber Resilience

CVE-2022-34531

Critical · Public PoC

Published: 29 July 2022

Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1389 (94.5th percentile)
Risk Priority: 28 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-34531 is a critical-severity vulnerability, with an unspecified weakness type, in DedeCMS. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 5.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

DedeCMS version 5.7.95 contains a remote code execution vulnerability in the mytag_main.php component. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction and can result in full confidentiality, integrity, and availability impact.

An unauthenticated attacker able to reach the affected component over the network can execute arbitrary code on the server. Public references consist of technical write-ups that demonstrate the exploitation path but contain no official patch or mitigation guidance from the vendor.

The associated EPSS score has remained flat at 0.1389 with no material increase since disclosure.

Vulnerability details

DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_main.php.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dedecms
dedecms
5.7.95

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.