GHSA-4p38-rc98-cr39

Source

https://github.com/advisories/GHSA-4p38-rc98-cr39

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-4p38-rc98-cr39/GHSA-4p38-rc98-cr39.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4p38-rc98-cr39

Aliases

CVE-2022-44136

Published

2022-11-30T15:30:27Z

Modified

2023-11-08T04:10:47.830505Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Zenario CMS is vulnerable to Remote Code Execution (RCE).

Details

Zenario CMS 9.3.57186 is vulnerable to RCE.

Database specific

{
    "nvd_published_at": "2022-11-30T15:15:00Z",
    "github_reviewed_at": "2022-12-02T22:20:32Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-94"
    ]
}

References

Affected packages

Packagist / tribalsystems/zenario

Package

Name: tribalsystems/zenario
Purl: pkg:composer/tribalsystems/zenario

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.57473

Affected versions

7.*

7.5.40440

7.5.41006

7.5.41499

7.5.41633

7.5.42085

7.5.42990

7.5.47180

7.6.41504

7.6.41633

7.6.42085

7.6.42990

7.6.47180

7.7.42682

7.7.42963

7.7.42990

7.7.44223

7.7.47180

7.7.47369

7.7.48583

8.*

8.0.44237

8.0.44273

8.0.44294

8.0.44521

8.0.45032

8.0.45250

8.0.45529

8.0.47180

8.0.48583

8.1.45530

8.1.45698

8.1.46089

8.1.46433

8.1.46615

8.1.47180

8.1.47369

8.1.48583

8.2.46436

8.2.46614

8.2.47180

8.2.47369

8.2.47992

8.2.48583

8.3.47997

8.3.48583

8.3.50564

8.4.50565

8.4.51340

8.5.50567

8.5.50837

8.5.51340

8.6.51342

8.7

8.8

8.8.53370

8.8.53725

8.8.54063

8.9.54063

8.9.54149

8.9.54153

8.9.55141

9.*

9.0.54156

9.0.55141