Lucene search

CVE-2022-36787

🗓️ 17 Nov 2022 23:17:15Reported by INCDType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 36 Views🌐 WEB

CVE-2022-36787 webvendome SQL Injection in "DocNumber" paramete

Reporter	Title	Published	Views	Family All 4
Prion	Sql injection	17 Nov 202223:15	–	prion
RedhatCVE	CVE-2022-36787	5 Feb 202522:45	–	redhatcve
Cvelist	CVE-2022-36787 webvendome - webvendome SQL Injection	17 Nov 202222:27	–	cvelist
NVD	CVE-2022-36787	17 Nov 202223:15	–	nvd

Nvd

Node

webvendome_project webvendomeMatch1.0

[
  {
    "defaultStatus": "unaffected",
    "product": "webvendome",
    "vendor": "webvendome",
    "versions": [
      {
        "lessThan": " Upgrade to the latest version.",
        "status": "affected",
        "version": "All versions",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
gov	www.gov.il/en/Departments/faq/cve_advisories

Parameter	Position	Path	Description	CWE
jobnumber	query param	/webvendome/showfiles.aspx	SQL Injection vulnerability in the DocNumber parameter of the showfiles.aspx endpoint.	CWE-89
DocNumber	query param	/webvendome/showfiles.aspx	SQL Injection vulnerability in the DocNumber parameter of the showfiles.aspx endpoint.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Nov 2022 23:15Current

10High risk

Vulners AI Score10

CVSS39.8

EPSS0.00066

CWE-89