CVE-2024-22076

critical

Description

MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface.

References

https://www.access42.nl/nieuws/unmasking-web-vulnerabilities-a-tale-of-default-admin-credentials-and-php-command-execution-cve-2024-22076/

https://docs.myq-solution.com/en/print-server/8.2/technical-changelog#id-%288.2%29ReleaseNotes-8.2%28Patch43%29

https://docs.myq-solution.com/en/print-server/8.2/

Details

Source: Mitre, NVD

Published: 2024-01-23

Updated: 2025-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H