COOEY // HUBcompliance · community · intelligence

FAIL › dossier

ecisp vendor

· dossier confidence 50%

ECISP is a software vendor with a critical security track record, evidenced by three simultaneous RCE vulnerabilities in November 2022.

3
failure events
0
zero-days
3
RCEs
0
on KEV
3
critical
50
worst shame

Profile

Category
Software Vendor
What they do
ECISP is a software vendor specializing in ESPCMS components, including input validation and file handling modules.

Security posture

Critical vulnerabilities in ESPCMS components were disclosed in November 2022, including three distinct Remote Code Execution (RCE) flaws.

Notable failures
  • CVE-2022-44088: RCE in INPUT_ISDESCRIPTION
  • CVE-2022-44089: RCE in IS_GETCACHE
  • CVE-2022-44087: RCE in UPFILE_PIC_ZOOM_HIGHT
Patterns
Multiple critical RCE vulnerabilities in same component version

Failure history 3 events

DateEventSevFlagsShameSummary
2022-11-10 CVE-2022-44088 critical ⚡RCE 50 ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION.
2022-11-10 CVE-2022-44089 critical ⚡RCE 50 ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE.
2022-11-10 CVE-2022-44087 critical ⚡RCE 50 ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT.

Dossier sources

Open questions: Company founding date · Headquarters location · Company size · Ownership structure · Website URL