CVE-2022-0749 HIGH

CVE-2022-0749: Deserialization of Untrusted Data

Vendor N/A
Product SinGooCMS.Utility
Published March 17, 2022
Last update September 16, 2024

CVSS base score

7.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P

What the vulnerability does

01 Description

This affects all versions of the package SinGooCMS.Utility. Once the package's socket client has been established, a payload can be passed in through user-controllable input, because the socket client's transmission applies no appropriate restrictions or type bindings to the BinaryFormatter.

Key dates

02 Disclosure timeline

March 17, 2022 CVE published
September 16, 2024 Record updated