CVE-2022-40446: SQL Injection
First published: Thu Sep 22 2022(Updated: )
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zzcms Zzcms | =2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-40446?
CVE-2022-40446 is a SQL injection vulnerability found in ZZCMS 2022 via the component /admin/sendmailto.php?tomail=&groupid=.
How severe is CVE-2022-40446?
CVE-2022-40446 has a severity rating of 7.2, which is considered high.
How does CVE-2022-40446 affect ZZCMS?
CVE-2022-40446 affects ZZCMS 2022 by allowing SQL injection attacks through the /admin/sendmailto.php?tomail=&groupid= component.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-40446?
The CWE ID for CVE-2022-40446 is 89.
Is there a fix or patch available for CVE-2022-40446?
Currently, there is no known fix or patch available for CVE-2022-40446. It is recommended to follow best practices for secure coding and regularly update to the latest version of ZZCMS when a patch is released.
- collector/nvd-index
- agent/references
- vendor/zzcms
- canonical/zzcms zzcms
- version/zzcms zzcms/2022