CVE-2022-47129 - Vulnerability Details - OpenCVE

PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Phpok	Phpok

Configuration 1 [-]

cpe:2.3:a:phpok:phpok:6.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gist.github.com/Omoredream/43f60004665e9d9d8c71f7e976261387
https://www.yuque.com/g/alipayyz9csdbcdz/zytgq2/vz8ktghkcgvhsdzn/collaborator/join?token=R5phxzuV3w99ndZD

History

Tue, 28 Jan 2025 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 27 Jan 2025 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-94

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-11T00:00:00.000Z

Updated: 2025-01-27T17:04:04.678Z

Reserved: 2022-12-12T00:00:00.000Z

Link: CVE-2022-47129

Vulnrichment

Updated: 2024-08-03T14:47:28.817Z

NVD

Status : Modified

Published: 2023-05-11T14:15:19.623

Modified: 2025-01-27T17:15:09.930

Link: CVE-2022-47129

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-47129", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-01-27T17:04:04.678Z", "dateReserved": "2022-12-12T00:00:00.000Z", "datePublished": "2023-05-11T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-11T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.yuque.com/g/alipayyz9csdbcdz/zytgq2/vz8ktghkcgvhsdzn/collaborator/join?token=R5phxzuV3w99ndZD"}, {"url": "https://gist.github.com/Omoredream/43f60004665e9d9d8c71f7e976261387"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:47:28.817Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.yuque.com/g/alipayyz9csdbcdz/zytgq2/vz8ktghkcgvhsdzn/collaborator/join?token=R5phxzuV3w99ndZD", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/Omoredream/43f60004665e9d9d8c71f7e976261387", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-27T17:03:05.343166Z", "id": "CVE-2022-47129", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T17:04:04.678Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.yuque.com/g/alipayyz9csdbcdz/zytgq2/vz8ktghkcgvhsdzn/collaborator/join?token=R5phxzuV3w99ndZD", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/Omoredream/43f60004665e9d9d8c71f7e976261387", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:47:28.817Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-47129", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-27T17:03:05.343166Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T17:03:59.293Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.yuque.com/g/alipayyz9csdbcdz/zytgq2/vz8ktghkcgvhsdzn/collaborator/join?token=R5phxzuV3w99ndZD"}, {"url": "https://gist.github.com/Omoredream/43f60004665e9d9d8c71f7e976261387"}], "descriptions": [{"lang": "en", "value": "PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-11T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-47129", "state": "PUBLISHED", "dateUpdated": "2025-01-27T17:04:04.678Z", "dateReserved": "2022-12-12T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-05-11T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpok:phpok:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6634DAC0-70E8-4251-9AA6-6A48074E608A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability."}], "id": "CVE-2022-47129", "lastModified": "2025-01-27T17:15:09.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-11T14:15:19.623", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/Omoredream/43f60004665e9d9d8c71f7e976261387"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://www.yuque.com/g/alipayyz9csdbcdz/zytgq2/vz8ktghkcgvhsdzn/collaborator/join?token=R5phxzuV3w99ndZD"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/Omoredream/43f60004665e9d9d8c71f7e976261387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://www.yuque.com/g/alipayyz9csdbcdz/zytgq2/vz8ktghkcgvhsdzn/collaborator/join?token=R5phxzuV3w99ndZD"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}