.. / CVE-2022-25369

Exploit for Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation (CVE-2022-25369)

Description:

Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.

Nuclei Template

View the template here CVE-2022-25369.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-25369.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-25369
https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25369