CVE-2026-4542

A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

CVSS v3 5.4 MEDIUM
CVSS v2.0 5.5 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://vuldb.com/submit/774689
https://vuldb.com/vuln/352359
https://vuldb.com/vuln/352359/cti
https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc

Configurations

No configuration.

History

18 Apr 2026, 05:16

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una vulnerabilidad en SSCMS 4.7.0. El elemento afectado es una función desconocida del archivo LayerImageController.Submit.cs del componente layerImage Endpoint. Dicha manipulación del argumento filePaths conduce a salto de ruta. El ataque puede realizarse de forma remota. El exploit ha sido divulgado al público y puede ser utilizado. El análisis estadístico dejó claro que VulDB proporciona la mejor calidad para los datos de vulnerabilidad.
Summary	(en) A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.	(en) A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
References	~~{'url': 'https://vuldb.com/?ctiid.352359', 'source': 'cna@vuldb.com'}~~ ~~{'url': 'https://vuldb.com/?id.352359', 'source': 'cna@vuldb.com'}~~ ~~{'url': 'https://vuldb.com/?submit.774689', 'source': 'cna@vuldb.com'}~~	() https://vuldb.com/submit/774689 - () https://vuldb.com/vuln/352359 - () https://vuldb.com/vuln/352359/cti -

22 Mar 2026, 09:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-22 09:16

Updated : 2026-04-29 01:00

NVD link : CVE-2026-4542

Mitre link : CVE-2026-4542

CVE.ORG link : CVE-2026-4542

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.4 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.5 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2026-4542

5.4^/10

5.5^/10

Attach tags to `CVE-2026-4542`