CVE-2022-28118

CRITICAL

SiteServer CMS v7.x - RCE

Title source: llm

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.

nomisec WORKING POC 8 stars

by Richard-Tang · poc

CVSS v3 9.8

EPSS 0.0404

EPSS Percentile 88.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Status published

Products (2)

npm/siteserver 7.0.0npm

sscms/siteserver_cms 7.0.0 - 7.1.2

Published May 03, 2022

Tracked Since Feb 18, 2026