cbcvebase.
CVE-2022-22280
published 2022-07-29

CVE-2022-22280: Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS…

Priority: P264
CVSS 3.1: 9.8 (critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 9.26% (94.7th percentile)
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | analytics | <= 2.5.0.3-2520 | |
| sonicwall | global_management_system | < 9.3.1 | 9.3.1 |
| sonicwall | global_management_system | | |
| sonicwall | gms | | |
| sonicwall | sonicwall_analytics_on-prem | | |
| sonicwall | sonicwall_gms | | |

Detection & IOCs (extracted from sources)

  • CVE-2022-22280 is an unauthenticated SQL injection vulnerability in SonicWall GMS and Analytics On-Prem; monitor for unsanitized SQL special elements in requests to these products
  • Vulnerable versions are SonicWall GMS up to and including 9.3.1-SP2-Hotfix1 and Analytics On-Prem up to and including 2.5.0.3-2520; patched versions are GMS 9.3.1-SP2-Hotfix-2 or later and Analytics 2.5.0.3-Hotfix-1 or later