CVE-2022-34531
Published: 29 July 2022
Summary
CVE-2022-34531 is a critical-severity vulnerability in DedeCMS with no weakness type specified. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 5.5% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
DedeCMS version 5.7.95 contains a remote code execution vulnerability in the mytag_main.php component. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction and can result in full confidentiality, integrity, and availability impact.
An unauthenticated attacker able to reach the affected component over the network can execute arbitrary code on the server. Public references consist of technical write-ups that demonstrate the exploitation path but contain no official patch or mitigation guidance from the vendor.
The associated EPSS score has remained flat at 0.1389 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-37484
Vulnerability details
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_main.php.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.