Approved changes feed: RSS · Atom

cpe:2.3:a:alfasado_inc.:powercms_xmlrpc_api:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAlfasado Inc. (dbc70d0a-6336-5e66-a045-9e5450a23990)
ProductPowercms Xmlrpc Api (8cdf05d3-3db0-5dac-b8ca-7ecf59530078)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-33941 vulnerable 2026-06-08 05:44:51.775314 Details available
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
Published: 2022-09-08T07:10:41.000Z
Updated: 2024-08-03T08:16:15.908Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-20850 vulnerable 2026-06-08 05:29:10.671650 Details available
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.
Published: 2021-11-24T08:25:51.000Z
Updated: 2024-08-03T17:53:22.643Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.