CVE-2022-44015
Severity: CRITICAL
WAF: High
CVSS: 9.8
Published: 2022-12-25
CWE-89
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| simmeth | lieferantenmanager | up to 5.6 |
References
- sec-consult.com (Exploit, Third Party Advisory)