CVE-2022-44118
Published: 23 November 2022
Summary
CVE-2022-44118 is a critical-severity vulnerability of unspecified weakness type in Dedebiz Dedecmsv6. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 6.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
DedeCMS version 6.1.9 contains a remote code execution vulnerability in the file_manage_control.php component. The flaw received a CVSS 3.1 base score of 9.8 with an attack vector of network, low attack complexity, and no requirements for authentication or user interaction, resulting in complete loss of confidentiality, integrity, and availability.
Unauthenticated remote attackers can send crafted requests to the affected endpoint and execute arbitrary code on the server, giving them full control over the application and the underlying system.
The two reference URLs point to the same public gist but supply no official advisory, patch information, or mitigation guidance. The associated EPSS score has remained flat at 0.1029 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-47069
Vulnerability details
dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.