CVE-2022-45030: SQL Injection
First published: Sat Apr 15 2023(Updated: )
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | =3.9.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2022-45030.
What is the affected software version?
The affected software version is rConfig 3.9.7.
How does this vulnerability occur?
This vulnerability occurs via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= in rConfig 3.9.7.
What is the severity of this vulnerability?
The severity of this vulnerability is high with a CVSS score of 8.8.
Are there any known exploits or references for this vulnerability?
Yes, there are known exploits and references available at the following links: [Packetstorm Security](http://packetstormsecurity.com/files/171613/rconfig-3.9.7-SQL-Injection.html) and [rConfig Downloads](https://www.rconfig.com/downloads/rconfig-3.9.7.zip).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.7