Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-44945)

Description

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.

Remediation

References

Related Vulnerabilities

WordPress Plugin Tooltipy (tooltips for WP) Multiple Vulnerabilities (5.0.2)

TYPO3 Cryptographic Issues Vulnerability (CVE-2009-0255)

OpenVPN AS Insufficient Session Expiration Vulnerability (CVE-2020-15074)

Joomla! Core 1.0.x Unspecified Vulnerability (1.0.0 - 1.0.3)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29514)

Severity

Critical

Classification

CVE-2022-44945 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities