cvedb.io
CVE-2022-33941
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-09-08T08:15:07.957 · Last modified 2026-06-17T04:49:31.543

Summary

The PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by the POST method to the PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier, which are unsupported (End-of-Life, EOL), are also affected by this vulnerability.

Affected products

alfasado — powercms



This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.