9 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.3%
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. (CVE-2022-24407)
Impact
Failure to properly escape SQL input allows an attacker to run arbitrary SQL commands.