CVE-2024-22638
Published: 25 January 2024
Summary
CVE-2024-22638 is a critical-severity vulnerability of unspecified weakness class in Livesite's liveSite product. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 8.8% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
liveSite version 2019.1 contains a remote code execution vulnerability in the components /livesite/edit_designer_region.php and /livesite/add_email_campaign.php. The flaw received a CVSS 3.1 base score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction and result in full confidentiality, integrity, and availability impact.
Unauthenticated remote attackers can exploit the issue to execute arbitrary code on affected installations. Public proof-of-concept exploits have been released on Exploit-DB and PacketStorm Security, enabling straightforward weaponization against exposed instances.
No vendor advisories, patches, or mitigation steps are referenced in the available sources. The associated EPSS score reached a peak of 0.0763 and currently sits at 0.0639, showing limited but stable post-disclosure interest rather than a pronounced upward trajectory.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-20172
Vulnerability details
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.