VYPR
Critical severity9.8NVD Advisory· Published Sep 8, 2022· Updated Jun 17, 2026

CVE-2022-33941

CVE-2022-33941

Description

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Alfasado Inc./PowerCMS XMLRPC APIv5
    Range: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), PowerCMS 4.51 and earlier (PowerCMS 4 Series), and PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.