Cyber Resilience

CVE-2022-44118

Critical

Published: 23 November 2022

Modified: 28 April 2025
KEV Added:
Patch:
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1029 (93.3rd percentile)
Risk Priority: 26 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-44118 is a critical-severity vulnerability, with an unspecified weakness type, in Dedebiz Dedecmsv6. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 6.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

DedeCMS version 6.1.9 contains a remote code execution vulnerability in the file_manage_control.php component. The flaw received a CVSS 3.1 base score of 9.8 with an attack vector of network, low attack complexity, and no requirements for authentication or user interaction, resulting in complete loss of confidentiality, integrity, and availability.

Unauthenticated remote attackers can send crafted requests to the affected endpoint and execute arbitrary code on the server, giving them full control over the application and underlying system.

The two reference URLs point to the same public gist but supply no official advisory, patch information, or mitigation guidance. The associated EPSS score has remained flat at 0.1029 with no material increase since disclosure.

EU & UK References

Vulnerability details

dedecmsv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dedebiz
Product: dedecmsv6
Version: 6.1.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References