CVE-2022-0848

CRITICAL

part-db < 0.5.11 - OS Command Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-0848. PoCs published by Chetanya Sharma, dskmehra, Lay0us.

AI-analyzed exploit summary: This exploit leverages a file upload vulnerability in part-db 0.5.11 to upload a malicious PHP shell, achieving remote code execution. The script crafts a PHP file with a system command, uploads it via a POST request, and retrieves the shell location for further exploitation.

Description

OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.

Exploits (3)

exploitdb WORKING POC
by Chetanya Sharma · bash · webapps · php
https://www.exploit-db.com/exploits/50800

This exploit leverages a file upload vulnerability in part-db 0.5.11 to upload a malicious PHP shell, achieving remote code execution. The script crafts a PHP file with a system command, uploads it via a POST request, and retrieves the shell location for further exploitation.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: part-db 0.5.11
No auth needed
Prerequisites: Network access to the target · part-db 0.5.11 running on the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by dskmehra · poc
https://github.com/dskmehra/CVE-2022-0848

This exploit leverages a file upload vulnerability in part-db 0.5.11 to achieve remote code execution by uploading a malicious PHP file. The script automates the process of uploading the file and retrieving the shell location.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: part-db 0.5.11
No auth needed
Prerequisites: Network access to the target server · part-db 0.5.11 running on the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by Lay0us · poc
https://github.com/Lay0us/CVE-2022-0848-RCE

This exploit leverages a file upload vulnerability in part-db 0.5.11 to achieve remote code execution by uploading a malicious PHP file. The script automates the process of uploading the payload and retrieving the shell location.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: part-db 0.5.11
No auth needed
Prerequisites: Network access to the target · part-db 0.5.11 running on the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/3e91685f-cfb9-4ee4-abaf-9b712a8fd5a6
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/166217/part-db-0.5.11-Remote-Code-Execution.html

Scores

CVSS v3 9.8
EPSS 0.4026
EPSS Percentile 97.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (1)
part-db_project/part-db < 0.5.11
Published Mar 04, 2022
Tracked Since Feb 18, 2026