CVE-2022-39058— Changing Information Technology Inc. RAVA certificate validation system - Path Traversal
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-39058
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Changing Information Technology Inc. RAVA certificate validation system - Path Traversal
Source: NVD (National Vulnerability Database)
Vulnerability Description
RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Changing Information Technology RAVA certificate validation system 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Changing Information Technology RAVA certificate validation system(全景软体 RAVA凭证验证系统网站)是中国Changing Information Technology公司的一个凭证验证系统。 Changing Information Technology RAVA certificate validation system存在路径遍历漏洞。攻击者利用该漏洞绕过身份验证并访问任意系统文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Changing Information Technology Inc. | RAVA certificate validation system | 3 | - |
II. Public POCs for CVE-2022-39058
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-39058
请登录查看更多情报信息。
Same Patch Batch · Changing Information Technology Inc. · 2022-10-18 · 4 CVEs total
| CVE-2022-39056 | 9.8 CRITICAL | Changing Information Technology Inc. RAVA certificate validation system - SQL Injection |
| CVE-2022-39057 | 7.2 HIGH | Changing Information Technology Inc. RAVA certificate validation system - Command Injectio |
| CVE-2022-39055 | 5.3 MEDIUM | Changing Information Technology Inc. RAVA certificate validation system - Server-Side Requ |
IV. Related Vulnerabilities
Same weakness: CWE-22
- CVE-2026-56078
PraisonAI - Arbitrary File Read and Write via Path Traversal - CVE-2026-54017
Open WebUI: Path traversal / SSRF in terminal server proxy v - CVE-2026-48716
nanobot: Path traversal via unsanitized WhatsApp document fi - CVE-2026-54223
Remote Code Execution via arbitrary file read and write in U - CVE-2026-8811
Path traversal in PDF generation module
V. Comments for CVE-2022-39058
No comments yet