COOEY // HUBcompliance · community · intelligence

FAIL › dossier

espcms product

· dossier confidence 60%

ESPCMS is a CMS product with a critical security track record, including three remote code execution vulnerabilities discovered in November 2022.

3
failure events
0
zero-days
3
RCEs
0
on KEV
3
critical
50
worst shame

Profile

Category
Software Product
What they do
ESPCMS is a Content Management System (CMS) product.

Security posture

Critical security vulnerabilities (RCE) were discovered in November 2022, indicating a failure to patch or secure core components against remote exploitation.

Notable failures
  • CVE-2022-44088: Remote Code Execution in INPUT_ISDESCRIPTION
  • CVE-2022-44089: Remote Code Execution in IS_GETCACHE
  • CVE-2022-44087: Remote Code Execution in UPFILE_PIC_ZOOM_HIGHT
Patterns
Multiple critical RCE vulnerabilities discovered in same release; Vulnerabilities in core input and file handling components

Failure history 3 events

DateEventSevFlagsShameSummary
2022-11-10 CVE-2022-44088 critical ⚡RCE 50 ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION.
2022-11-10 CVE-2022-44089 critical ⚡RCE 50 ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE.
2022-11-10 CVE-2022-44087 critical ⚡RCE 50 ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT.

Dossier sources

Open questions: ESPCMS is a product, not a company; no independent corporate profile data available · No founding date, headquarters, or size data available for ESPCMS or its parent company