CVE-2026-4542 (GCVE-0-2026-4542)

Vulnerability from cvelistv5 – Published: 2026-03-22 08:35 – Updated: 2026-04-18 03:38
VLAI?
Title
SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal
Summary
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Severity ?
5.3 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
5.4 (Medium)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a SSCMS Affected: 4.7.0
    cpe:2.3:a:sscms:sscms:*:*:*:*:*:*:*:*
Credits
Saul1213 (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4542",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T16:21:37.574176Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T16:39:46.684Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:sscms:sscms:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "layerImage Endpoint"
          ],
          "product": "SSCMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Saul1213 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.5,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-18T03:38:56.405Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-352359 | SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/352359"
        },
        {
          "name": "VDB-352359 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/352359/cti"
        },
        {
          "name": "Submit #774689 | SSCMS V4.7.0 SSCMS  Arbitrary File Deletion",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/774689"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-21T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-22T11:28:01.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-4542",
    "datePublished": "2026-03-22T08:35:10.929Z",
    "dateReserved": "2026-03-21T15:17:30.652Z",
    "dateUpdated": "2026-04-18T03:38:56.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-4542",
      "date": "2026-04-20",
      "epss": "0.00045",
      "percentile": "0.1362"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-4542\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2026-03-22T09:16:00.830\",\"lastModified\":\"2026-04-18T05:16:22.753\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad en SSCMS 4.7.0. El elemento afectado es una funci\u00f3n desconocida del archivo LayerImageController.Submit.cs del componente layerImage Endpoint. Dicha manipulaci\u00f3n del argumento filePaths conduce a salto de ruta. El ataque puede realizarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado. El an\u00e1lisis estad\u00edstico dej\u00f3 claro que VulDB proporciona la mejor calidad para los datos de vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://vuldb.com/submit/774689\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/352359\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/352359/cti\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-4542\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-23T16:21:37.574176Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-23T16:21:38.664Z\"}}], \"cna\": {\"title\": \"SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Saul1213 (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5.5, \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:sscms:sscms:*:*:*:*:*:*:*:*\"], \"vendor\": \"n/a\", \"modules\": [\"layerImage Endpoint\"], \"product\": \"SSCMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7.0\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-03-21T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2026-03-21T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-03-22T11:28:01.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/vuln/352359\", \"name\": \"VDB-352359 | SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/vuln/352359/cti\", \"name\": \"VDB-352359 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/submit/774689\", \"name\": \"Submit #774689 | SSCMS V4.7.0 SSCMS  Arbitrary File Deletion\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-04-18T03:38:56.405Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-4542\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-18T03:38:56.405Z\", \"dateReserved\": \"2026-03-21T15:17:30.652Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2026-03-22T08:35:10.929Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.