Lucene search

VulDBCVE-2022-3955

HistoryNov 11, 2022 - 4:15 p.m.

CVE-2022-3955

2022-11-1116:15:16

CWE-707

CWE-89

VulDB

web.nvd.nist.gov

cve-2022-3955

tholum crm42

sql injection

remote attack

vdb-213461

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

72.3%

JSON

A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability.

Affected configurations

Nvd

Node

crm42_projectcrm42Match-

VendorProductVersionCPE
crm42_projectcrm42-cpe:2.3:a:crm42_project:crm42:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
crm42_project	crm42	-	cpe:2.3:a:crm42_project:crm42:-:::::::*

CNA Affected

[
  {
    "vendor": "tholum",
    "product": "crm42",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/tholum/crm42/issues/1

vuldb.com/?id.213461

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

72.3%

JSON

Related for CVE-2022-3955