CVE-2022-43288: SQL Injection
First published: Mon Nov 14 2022(Updated: )
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =3.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Rukovoditel version 3.2.1 vulnerability?
The vulnerability ID is CVE-2022-43288.
What is the severity level of CVE-2022-43288?
The severity level of CVE-2022-43288 is high with a CVSS score of 8.8.
How does the SQL injection vulnerability occur in Rukovoditel v3.2.1?
The SQL injection vulnerability occurs via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.
Which software version is affected by CVE-2022-43288?
Rukovoditel v3.2.1 is affected by CVE-2022-43288.
Is there a fix available for the vulnerability?
Yes, it is recommended to upgrade to a patched version of Rukovoditel to mitigate the SQL injection vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- vendor/rukovoditel
- canonical/rukovoditel rukovoditel
- version/rukovoditel rukovoditel/3.2.1