First published: Mon Nov 14 2022(Updated: )
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rukovoditel Rukovoditel | =3.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-43288.
The severity level of CVE-2022-43288 is high with a CVSS score of 8.8.
The SQL injection vulnerability occurs via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php.
Rukovoditel v3.2.1 is affected by CVE-2022-43288.
Yes, it is recommended to upgrade to a patched version of Rukovoditel to mitigate the SQL injection vulnerability.