CVE-2022-34324
published 2023-01-01CVE-2022-34324: Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment…
PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
11.81%
95.6th percentile
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sage | sage_xrt_business_exchange | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Sage XRT Business Exchange 12.4.302 Add Currencies/Payment Order/Transfer History sql injection (EUVD-2022-37279)
vuldb·2026-06-13·CVSS 8.8
CVE-2022-34324 [HIGH] Sage XRT Business Exchange 12.4.302 Add Currencies/Payment Order/Transfer History sql injection (EUVD-2022-37279)
A vulnerability, which was classified as critical, was found in Sage XRT Business Exchange 12.4.302. Impacted is an unknown function of the component Add Currencies/Payment Order/Transfer History. Executing a manipulation can lead to sql injection.
This vulnerability is handled as CVE-2022-34324. The attack can only be done within the local network. There is not any exploit available.
GHSA
GHSA-7f7v-p3j5-xjjr: Multiple SQL injections in Sage XRT Business Exchange 12
ghsa_unreviewed·2023-01-01
CVE-2022-34324 [HIGH] CWE-89 GHSA-7f7v-p3j5-xjjr: Multiple SQL injections in Sage XRT Business Exchange 12
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.
Citrix
Citrix Hypervisor Multiple Security Updates
vendor_citrix·2023-10-10·CVSS 7.8
CVE-2022-1304 [HIGH] Citrix Hypervisor Multiple Security Updates
Citrix Hypervisor Multiple Security Updates
of Problem Several issues have been discovered that affect Citrix Hypervisor 8.2 CU1 LTSR and may allow malicious privileged code in a guest VM to: i) Compromise an AMD-based host via a passed through PCI device: CVE-2023-34326 ii) Compromise the host when a specific administrative action is taken (see
CVE References: CVE-2022-1304, CVE-2023-20588, CVE-2023-34324, CVE-2023-34326, CVE-2023-34327
Affected Products: Citrix Hypervisor, XenServer
Severity: High
Remediation:
We have released hotfixes to address these issues. We recommend that affected customers install these hotfixes and follow the instructions in the linked articles as their update schedule permits. The hotfixes can be downloaded from the following locations: CTX575070 - https://su
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-01-01
Published