PRIOn knowledge base: PRION:CVE-2022-24956
Mar 29, 2022 - 2:15 a.m.

SQL injection

2022-03-29 02:15:00
PRIOn knowledge base
www.prio-n.com
shopware b2b-suite
sql injection
sort-by parameter
database dump
remote attacker

AI Score: 6.7
Confidence: High
EPSS: 0.001
Percentile: 33.8%

An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database.
