CVE-2022-4136

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-4136

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4136.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-4136

Published

2022-11-24T00:00:00Z

Modified

2025-12-04T10:36:43.665194Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L CVSS Calculator

Summary

Exposed Dangerous Method or Function in qmpaas/leadshop

Details

Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method.

Database specific

{
    "cna_assigner": "@huntrdev",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/4xxx/CVE-2022-4136.json",
    "cwe_ids": [
        "CWE-749"
    ]
}

References

Affected packages

Git / github.com/qmpaas/leadshop

Affected ranges

Type: GIT
Repo: https://github.com/qmpaas/leadshop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f27e9ca5c93eaadda1097396b65c234b16186d67

Affected versions

V1.*

V1.2.10

V1.2.6

V1.2.7

V1.2.8

V1.3.0

V1.3.11

V1.3.3

V1.3.4

V1.3.7