exploitDog

CVE-2022-44015

Опубликовано: 25 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.

Ссылки

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/
Exploit
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simmeth:lieferantenmanager:*:*:*:*:*:*:*:*

Версия до 5.6 (исключая)

EPSS

Процентиль: 74%

0.00857

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-2vgc-685m-w42v

CVSS3: 9.8

github

около 3 лет назад

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.

EPSS

Процентиль: 74%

0.00857

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89