cvedb.io
CVE-2022-46306
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2023-01-03T03:15:10.637 · Last modified 2026-06-17T05:11:28.570

Summary

ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service.

Affected products

changingtec — servisign

Does this affect you?

Add your gear to cvedb and we'll alert you only when changingtec ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.