Changing Information Technology Inc. RAVA certificate validation system - SQL Injection
CVE-2022-39056

9.8CRITICAL

Key Information:

Vendor: Changing Information Technology Inc.
Status: Rava Certificate Validation System
Vendor: CVE Published:; 18 October 2022

Summary

RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database.

Affected Version(s)

RAVA certificate validation system 3

References

https://www.twcert.org.tw/tw/cp-132-6617-109b0-1.html

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Aug 31, 2022