CVE-2022-39959 An unprivileged user can create a file named Everest.exe in the Programdata\Panini folder.

This issue was reported by the researcher Mohamed Diaby from Cybersecurity for the Masses. In order to exploit the issue, a user must be tricked into visiting a specially crafted website or open a specially crafted file.

Download link: https://github.com/pannini/Panini/releases

CVE-2021-39958

This issue was reported by the researcher Mohamed Diaby from Cybersecurity for the Masses. To exploit this vulnerability, a user must be tricked into visiting a specially crafted website or open a specially crafted file.

Download link: https://github.com/pannini/Panini/releases

Summary of The Issue

CVE-2022-39959 is a vulnerability in Microsoft Windows that was discovered by Mohamed Diaby from Cybersecurity for the Masses. This issue would have allowed an attacker to gain privilege escalation to run arbitrary code as administrator, bypassing security restrictions.

Microsoft has released a patch for this issue and have also discontinued support for the Expression Engine CMS.

CVE-2023-39960

This issue was reported by the researcher Mohamed Diaby from Cybersecurity for the Masses. In order to exploit the issue, a user must be tricked into visiting a specially crafted website or open a specially crafted file.

Download link: https://github.com/pannini/Panini/releases

Timeline

Published on: 10/07/2022 22:15:00 UTC
Last modified on: 10/11/2022 17:04:00 UTC

References

• https://www.panini.com/en/news-events/panini-patents-revolutionary-new-%E2%80%9Ceverest%E2%80%9D-architecture
• https://github.com/usmarine2141/CVE-2022-39959
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39959