CVE-2022-4322

MEDIUM

maku-boot <2.2.0 - Code Injection

Title source: llm

Description

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability.

Exploits (1)

gitee 35,215 stars
by babamu · javawriteup
https://gitee.com/makunet/maku-boot/issues/I5ZUYI

References (3)

Scores

CVSS v3 6.3
EPSS 0.0053
EPSS Percentile 66.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-89 CWE-707
Status published

Affected Products (1)

maku/maku-boot < 2.2.0

Timeline

Published Dec 07, 2022
Tracked Since Feb 18, 2026