SQL Injection Vulnerability in 74cmsSE by PLAIN CLOWN
CVE-2022-33096

7.5HIGH

Key Information:

Vendor: 74cms
Status: 74cmsse
Vendor: CVE Published:; 22 June 2022

What is CVE-2022-33096?

74cmsSE version 3.5.1 has been identified with a SQL injection vulnerability that arises through the keyword parameter in the endpoint /home/resume/index. This flaw can allow unauthorized users to execute arbitrary SQL queries, potentially exposing sensitive data or compromising the integrity of the database. It is crucial for users of this version to implement appropriate security measures to guard against exploitation.

References

https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Readi...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2022
Vulnerability Reserved
Jun 13, 2022