← back
CVE-2022-0848

OS Command Injection in part-db/part-db

CVSS 10 CRITICALEPSS 35.4%CWE-78
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 10EPSS 35.4%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
04 Mar 2022Published on NVD
07 Mar 2022Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
part-db · part-db/part-db
public PoCs found4
githubgithub.com/dskmehra/CVE-2022-08482githubgithub.com/Lay0us/CVE-2022-0848-RCE1cve_referencepacketstormsecurity.com/files/166217/part-db-0.5.11-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50800unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/166217/part-db-0.5.11-Remote-Code-Execution.htmlhttps://github.com/part-db/part-db/commit/9cd4eee393028aa4cab70fcbac284b0028c0bc95https://huntr.dev/bounties/3e91685f-cfb9-4ee4-abaf-9b712a8fd5a6