CVE-2022-30007

Published: May 17, 2022Modified: Jun 17, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server.

Affected (1)

Products: Gxcms Project: Gxcms

Gxcms Project

1 product

Gxcms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gxcms Project Gxcms	Version 1.5

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/ZackSecurity/VulnerReport/blob/cve/gxcms/1.md

Source: cve@mitre.org

https://github.com/breezety/gxcms15/issues/1

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/ZackSecurity/VulnerReport/blob/cve/gxcms/1.md

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/breezety/gxcms15/issues/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.