An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter.
References
Link | Resource |
---|---|
https://members.backbox.org/maggioli-appalti-contratti-multiple-vulnerabilities/ | Exploit Third Party Advisory |
Configurations
History
23 Nov 2022, 16:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:maggioli:appalti_\&_contratti:9.12.2:*:*:*:*:*:*:* | |
References | (MISC) https://members.backbox.org/maggioli-appalti-contratti-multiple-vulnerabilities/ - Exploit, Third Party Advisory | |
CWE | CWE-89 | |
First Time |
Maggioli appalti \& Contratti
Maggioli |
22 Nov 2022, 13:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-21 23:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-44785
Mitre link : CVE-2022-44785
CVE.ORG link : CVE-2022-44785
JSON object : View
Products Affected
maggioli
- appalti_\&_contratti
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')