CVE-2022-45889
HIGH WAF: High
CVSS 7.2
Published: 2022-12-25
CWE-89
Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| planetestream | planet_estream | up to 6.72.10.07 |
References
- sec-consult.com (Exploit, Third Party Advisory)