CVE-2022-4136 HIGH

CVE-2022-4136: Exposed Dangerous Method or Function in qmpaas/leadshop

Vendor: Qmpaas
Product: qmpaas/leadshop
Weakness: CWE-749
Published: November 24, 2022
Last update: April 14, 2025

CVSS base score

8.6/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01 Description

qmpaas/leadshop v1.4.15 exposes a dangerous method that can lead to RCE: an attacker can control the target host by calling any function in leadshop.php via the GET method.

Key dates

02 Disclosure timeline

November 24, 2022: CVE published
April 14, 2025: Record updated