CVE-2026-4222 | SSCMS up to 7.4.0 download PathUtils.RemoveParentPath path path traversal

Inserito da Angelo Barbosa | Mar 15, 2026 | CVE

A vulnerability marked as critical has been reported in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal.

This vulnerability is registered as CVE-2026-4222. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4222 | SSCMS up to 7.4.0 download PathUtils.RemoveParentPath path path traversal

Post correlati

CVE-2024-53781 | Home Junction SpatialMatch IDX Plugin up to 3.0.9 on WordPress cross-site request forgery

CVE-2024-12875 | Easy Digital Downloads Plugin up to 3.3.2 on WordPress File information disclosure

CVE-2023-5427 | Arm Bifrost GPU Kernel Driver up to r45p0 use after free

CVE-2024-36503 | Huawei HarmonyOS/EMUI Gralloc Module uninitialized resource