{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T16:04:17.563","vulnerabilities":[{"cve":{"id":"CVE-2022-39297","sourceIdentifier":"security-advisories@github.com","published":"2022-10-12T23:15:09.623","lastModified":"2024-11-21T07:17:58.893","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data."},{"lang":"es","value":"MelisCms proporciona un CMS completo para la Plataforma Melis, incluyendo el sistema de plantillas, drag'n'drop de plugins, SEO y muchas herramientas de administración. Los atacantes pueden deserializar datos arbitrarios en las versiones afectadas de \"melisplatform/melis-cms\", y en última instancia conlleva a una ejecución de código PHP arbitrario en el sistema. La realización de este ataque no requiere autenticación. Los usuarios deben actualizar inmediatamente a \"melisplatform/melis-cms\" versiones posteriores a 5.0.1 incluyéndola. Este problema ha sido abordado al restringir las clases permitidas cuando son deserializados los datos controlados por el usuario"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:melistechnology:meliscms:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.1","matchCriteriaId":"2A0F2482-77FC-4B8D-A360-E340941ACA59"}]}]}],"references":[{"url":"https://github.com/melisplatform/melis-cms/commit/d124b2474699a679a24ec52620cadceb3d4cec11","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/melisplatform/melis-cms/security/advisories/GHSA-m3m3-6gww-7gj9","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/melisplatform/melis-cms/commit/d124b2474699a679a24ec52620cadceb3d4cec11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/melisplatform/melis-cms/security/advisories/GHSA-m3m3-6gww-7gj9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}