6.5

CVE-2022-35148

Exploit
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.
Data provided by the National Vulnerability Database (NVD)
Maccms Maccms Version 10.0 Update 2021.1000.1081
Maccms Maccms Version 10.0 Update 2022.1000.1099
Maccms Maccms Version 10.0 Update 2022.1000.3001
Maccms Maccms Version 10.0 Update 2022.1000.3002
Maccms Maccms Version 10.0 Update 2022.1000.3004
Maccms Maccms Version 10.0 Update 2022.1000.3005
Maccms Maccms Version 10.0 Update 2022.1000.3025
Maccms Maccms Version 10.0 Update 2022.1000.3026
Maccms Maccms Version 10.0 Update 2022.1000.3027
Maccms Maccms Version 10.0 Update 2022.1000.3028
Maccms Maccms Version 10.0 Update 2022.1000.3029
Maccms Maccms Version 10.0 Update 2022.1000.3030
Maccms Maccms Version 10.0 Update 2022.1000.3031
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.22% 0.447
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.