CVE-2022-37333

2022-08-2409:15:08

CWE-89

[email protected]

web.nvd.nist.gov

exment

php

laravel admin

sql injection

remote attackers

authenticated

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.1%

JSON

SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.

Affected configurations

Nvd

Node

exceedoneexmentRange≤5.0.2

exceedonelaravel-adminRange≤3.0.0

VendorProductVersionCPE
exceedoneexment*cpe:2.3:a:exceedone:exment:*:*:*:*:*:*:*:*
exceedonelaravel-admin*cpe:2.3:a:exceedone:laravel-admin:*:*:*:*:*:*:*:*