CVE-2022-4093
Published 2022-11-21
Priority P359 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.95% (89.1th percentile)
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affects 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher, are not affected.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 16.0.1 < 16.0.3 | 16.0.3 |
| dolibarr | dolibarr_dolibarr | >= unspecified < 16.0.3 | 16.0.3 |
| dolibarr | dolibarr_erp_crm | — | — |
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance
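| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | | 9.8 | CRITICAL | |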
GHSA
SQL injection in Dolibarr
ghsa·2022-11-21
CVE-2022-4093 [CRITICAL] CWE-89 SQL injection in Dolibarr
OSV
CVE-2022-4093: SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information
osv·2022-11-21·CVSS 9.8
CVE-2022-4093 [CRITICAL] CVE-2022-4093: SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information
OSV
SQL injection in Dolibarr
osv·2022-11-21
CVE-2022-4093 [CRITICAL] SQL injection in Dolibarr
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-21
Published