Cyber Resilience

CVE-2024-22638

Critical · Public PoC

Published: 25 January 2024
Modified: 30 May 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0639 (91.2th percentile)
Risk Priority: 23 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-22638 is a critical-severity vulnerability of unspecified weakness type in the Livesite product from vendor Livesite. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 8.8% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

liveSite version 2019.1 contains a remote code execution vulnerability in the components /livesite/edit_designer_region.php and /livesite/add_email_campaign.php. The flaw received a CVSS 3.1 base score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction and result in full confidentiality, integrity, and availability impact.

Unauthenticated remote attackers can exploit the issue to execute arbitrary code on affected installations. Public proof-of-concept exploits have been released on Exploit-DB and PacketStorm Security, enabling straightforward weaponization against exposed instances.

No vendor advisories, patches, or mitigation steps are referenced in the available sources. The associated EPSS score reached a peak of 0.0763 and currently sits at 0.0639, showing limited but stable post-disclosure interest rather than a pronounced upward trajectory.

Vulnerability details

liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: livesite
Product: livesite
Version: 2019.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.