CVE-2022-41158 HIGH

CVE-2022-41158: eyoom builder Remote Code Execution Vulnerability

Vendor Eyoom Co.,Ltd
Product eyoom builder
Weakness CWE-22 · Path traversal
Published November 25, 2022
Last update April 29, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.

Key dates

02Disclosure timeline

November 25, 2022 CVE published
April 29, 2025 Record updated