Penetration Testing as a Service
Share

Unveiling Critical Cybersecurity Threats: Top 5 CVEs You Need to Know

In this month of our Top 5 CVEs, we will cover a few web-based CVEs that have a high impact and low complexity in execution. These vulnerabilities were selected based on their prevalence as well as the availability of public exploits.

The following CVEs will be covered on this month’s blog:

  1. CVE-2022-22965 – Spring4Shell
  2. CVE-2022-0847 – Linux Dirty Pipe
  3. CVE-2022-0441 – MasterStudy LMS WordPress Plugin – Unauthenticated Admin User Creation
  4. CVE-2022-0824 – Webmin Broken Access Control and Remote Code Execution
  5. CVE-2022-24706 – CouchDB Remote Privilege Escalation

Also read:  Spring Data JPA: Data Access Enhancement

CVE-2022-22965 – Spring4Shell

March 2022, a vulnerability was discovered by VMWare in the Java Spring Framework affecting Spring applications running Java 9. This vulnerability was named “Spring4Shell” as a play on Log4Shell, a vulnerability that was discovered the previous year 2021. The CVE identifier CVE-2022-22965 was assigned to this vulnerability.

This vulnerability allows attackers to execute remote command execution by uploading a web shell. The attack abuses data transmitted in HTTP requests and allows them to upload a malicious .jsp file by overwriting the Tomcat logging configuration. This can be easily achieved by using publicly available scripts and exploits.

This vulnerability affects JDK version 9 and newer.

References:

https://kb.vmware.com/s/article/88203

https://nvd.nist.gov/vuln/detail/cve-2022-22965

CVE-2022-0847 – Linux Dirty Pipe

Similar to the”Dirty Cow” exploit, Dirty Pipe (CVE-2022-0847) is a Linux kernel vulnerability that grants a low-priv user the ability to modify read-only files. This is due to the system call “splice()” which can be abused to splice a page into a pipe and overwriting the contents on the page.

Attackers can arbitrarily overwrite files on the OS such as the /etc/passwd file and grant compromised low privileged accounts to have elevated privilege and gain access on the machine as admin or root.

This vulnerability affects Linux Kernel versions 5.8 to 5.16.10, 5.15.24, and 5.10.101.

References:

https://dirtypipe.cm4all.com

https://nvd.nist.gov/vuln/detail/cve-2022-0847

CVE-2022-0441 – MasterStudy LMS WordPress Plugin – Unauthenticated Admin User Creation

The MasterStudy LMS is a WordPress plugin for online learning platforms. The plugin lets you build and sell courses on your website. A plugin before v2.7.6 is susceptible to a critical vulnerability which can allow the creation of admin accounts without authentication. This is due to an issue with the plugin not validating certain parameters when registering a new account.

There are multiple ways to run this exploit manually and using publicly available scripts. An attacker can also use tools such as Metasploit to easily carry out this attack.

Below is an example code of the json post data that is requested which adds a user to the admin group.

Source: msf module – auxiliary/admin/http/wp_masterstudy_privesc

json_post_data = JSON.pretty_generate({
‘user_login’ => username,
‘user_email’ => email,
‘user_password’ => password,
‘user_password_re’ => password,
‘become_instructor’ => ”,
‘privacy_policy’ => true,
‘degree’ => ”,
‘expertize’ => ”,
‘auditory’ => ”,
‘additional’ => [],
‘additional_instructors’ => [],
‘profile_default_fields_for_register’ => {
‘wp_capabilities’ => {
‘value’ => { ‘administrator’ => 1 }
}
}
})

References:

https://nvd.nist.gov/vuln/detail/cve-2022-0441

Metasploit Module Source Code:

https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/http/wp_masterstudy_privesc.rb

CVE-2022-0824 – Webmin Broken Access Control and Remote Code Execution

Webmin is a free, open-source application and web control panel for Unix system administrators that can be accessed through any modern web browser. The interface allows you to setup user accounts, configure DNS, file sharing and more.

This year, a critical vulnerability was found on Webmin servers. A version of Webmin, v1.1984 has a vulnerable File Manager module that allows any unauthenticated low privilege user to access the File Manager module and allow them to execute malicious file uploads and gaining Remote Code Execution by crafting a payload via a .cgi file.

At the time of writing this blog, there are 17k+ downloads a week on sourceforge.net

The attack is achieved by the following steps:

  1. Attacker uses a web proxy such as Burpsuite or OWASP Zap to capture requests
  2. Register and log in as a low privileged user
  3. Create a .cgi file with a reverse shell payload
  4. Make the file available for download on an accessible server
  5. Setup a listener on the attacker machine
  6. Upload the malicious file via a POST request. (The file manager on webmin will download the malicious file)
  7. Access the file on the website folder to trigger the exploit and gain shell

The ease of this attack is not very difficult and can be executed on unpatched or out of date Webmin versions.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-0824

CVE-2022-24706 – CouchDB Remote Privilege Escalation

A critical vulnerability discovered by Alex Vandiver was found on Apache CouchDB prior to 3.2.2 which allowed an attacker to perform a privilege escalation technique with low complexity. The attacker would simply access an improperly secured default installation without authentication and gain elevated privileges.

The straightforwardness of this exploit makes it on our list as this does not require special tools and simply uses publicly accessible scripts. This affects all versions of CouchDB before 3.2.1 and affects the open epmd port 4369 and port 5984.

“Installations that do not expose the separate distribution port to external access are not vulnerable.”

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2022-24706

https://docs.couchdb.org/en/stable/cve/2022-24706.html

More Industry Insights

Harnessing Altimetrik’s Expertise

Blog
Agentic AI

Building an Agentic AI, Observability-First Self-Healing Platform

Executive Summary In today’s digital economy, system reliability is no longer just an operational concern, it is a business imperative. Every moment of downtime or service degradation directly impacts revenue, customer trust, and brand reputation. Yet many organizations still rely on operational models designed for simpler systems: reactive monitoring, fragmented tooling, and manual troubleshooting. Modern […]

Read More
Blog
AI

Elevating Observability with a Single Pane View Business Journey

In most organizations, Site Reliability Practitioner keeps a close watch on infrastructure, microservices, and middleware layers, and we’re no different. But how often do we stop to consider the link between this technical oversight and actual business impact?  The blog discusses the concept of Single Pane View Business Journey - a transformative approach designed to bridge the gap between engineering and business, enabling a unified view that drives shared […]

Read More
Blog

Payments Modernization Is a Structural Reset; Not a Technology Upgrade

The global payments industry is not evolving.It is being rebuilt. For decades, payments infrastructure operated as invisible plumbing stable, reliable, and largely unchanged. Today, that foundation is under systemic pressure. Real-time rails are proliferating. ISO 20022 is redefining financial messaging globally. Embedded finance is dissolving institutional boundaries. Fraud patterns are increasingly algorithmic. Customers expect instant […]

Read More

Contact Us

We'd love to hear from you.
Contact Us

Amit singh

“Amit Singh is the Chief Strategy Officer and Chief of Staff to the CEO at Altimetrik, where he drives corporate strategy, growth acceleration, and value creation through transformation initiatives. In this dual role, he partners closely with leadership teams, investors, and the board to align business strategy with sustained, technology-driven growth.

With over two decades of experience at the intersection of technology, business, and transformation, Amit brings a unique perspective on how organizations can innovate and adapt in a rapidly evolving digital landscape. His career has been defined by building high-performing teams, scaling innovative platforms, and driving organizational change to deliver lasting impact.

Before joining Altimetrik, Amit held senior leadership roles at Visa, where he led technology strategy, engineering, and product development for Real-Time Payments and the Visa Developer Platform. Earlier, he served as Chief Product Officer at a startup and spent more than a decade at Oracle, leading product and engineering teams across a wide range of enterprise software applications.”

Our expertise
Before we proceed..

Altimetrik is committed to protecting your personal information. To apply for a position, you will need to provide your email address and create a login. Your information will be used in accordance with applicable data privacy laws, our Privacy Policy, and our Privacy Notice.

Explore More