CVE-2022-39297 MelisCms is a CMS for Melis Platform, including templating system, plugins drag and drop, and SEO tools.

This restriction prevents attackers from deserializing user-controlled data and executing arbitrary PHP code on the system. Melis CMS is not enabled by default on new installations of Melis, but can be enabled by the administrator on existing installations. New installations are not vulnerable to this issue. Users should upgrade to `melisplatform/melis-cms` 5.0.1 or later as soon as possible.

Installation Restriction

Installation Restriction: CVE-2022-39297
This restriction prevents attackers from deserializing user-controlled data and executing arbitrary PHP code on the system. Melis CMS is not enabled by default on new installations of Melis, but can be enabled by the administrator on existing installations. New installations are not vulnerable to this issue. Users should upgrade to `melisplatform/melis-cms` 5.0.1 or later as soon as possible.

Installation of Melis CMS

Melis CMS is not enabled by default on new installations of Melis, but can be enabled by the administrator on existing installations. New installations are not vulnerable to this issue. Users should upgrade to `melisplatform/melis-cms` 5.0.1 or later as soon as possible.

Timeline

Published on: 10/12/2022 23:15:00 UTC
Last modified on: 10/13/2022 17:35:00 UTC

References

• https://github.com/melisplatform/melis-cms/commit/d124b2474699a679a24ec52620cadceb3d4cec11
• https://github.com/melisplatform/melis-cms/security/advisories/GHSA-m3m3-6gww-7gj9
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39297