CVE-2022-38538: SQL Injection
First published: Tue Sep 13 2022(Updated: )
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Archerydms Archery | >=1.4.0<1.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-38538?
CVE-2022-38538 is a SQL injection vulnerability in Archery v1.7.0 to v1.8.5 via the checksum parameter in the report module.
How severe is CVE-2022-38538?
CVE-2022-38538 has a severity rating of 9.8 (Critical).
How can the SQL injection vulnerability in Archery v1.7.0 to v1.8.5 be exploited?
The SQL injection vulnerability in Archery v1.7.0 to v1.8.5 can be exploited by manipulating the checksum parameter in the report module.
What is the affected software version range for CVE-2022-38538?
CVE-2022-38538 affects Archery v1.7.0 to v1.8.5.
Is there a fix available for CVE-2022-38538?
Yes, the fix for CVE-2022-38538 is available in version 1.9.0 of Archery.
- collector/nvd-index
- agent/weakness
- agent/description
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/archerydms
- canonical/archerydms archery
- version/archerydms archery/1.4.0