Lucene search

[email protected]CVE-2022-3955

HistoryNov 11, 2022 - 4:15 p.m.

CVE-2022-3955

2022-11-1116:15:16

CWE-89

CWE-707

[email protected]

web.nvd.nist.gov

cve-2022-3955

tholum crm42

sql injection

remote attack

vdb-213461

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability.

Affected configurations

NVD

Node

crm42_projectcrm42Match-

CPENameOperatorVersion
crm42_project:crm42crm42 project crm42eq-

CPE	Name	Operator	Version
crm42_project:crm42	crm42 project crm42	eq	-

CNA Affected

[
  {
    "vendor": "tholum",
    "product": "crm42",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/tholum/crm42/issues/1

vuldb.com/?id.213461

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2022-3955

nvd1 prion1 cvelist1