Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-4871
HistoryJan 03, 2023 - 12:15 p.m.

Sql injection

2023-01-0312:15:00
PRIOn knowledge base
www.prio-n.com
4
sql injection
nflpick-em.com
remote attacks
loadusers.php
vulnerability
json entrypoint
admin account
patch
vdb-217270
nvd

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

JSON

A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The patch is identified as dd77a35942f527ea0beef5e0ec62b92e8b93211e. It is recommended to apply a patch to fix this issue. VDB-217270 is the identifier assigned to this vulnerability. NOTE: JSON entrypoint is only accessible via an admin account

CPENameOperatorVersion
nflpick-emlt2.3.0

Related

nvd 1
cve 1
osv 1
cvelist 1
nvd
nvd
CVE-2022-4871
2023-01-03 12:15:10
cve
cve
CVE-2022-4871
2023-01-03 12:15:10
osv
osv
CVE-2022-4871
2023-01-03 12:15:10
cvelist
cvelist
CVE-2022-4871 ummmmm nflpick-em.com LoadUsers.php _Load_Users sql injection
2023-01-03 11:00:36

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

JSON
Related for PRION:CVE-2022-4871
nvd1cve1osv1cvelist1