SQL Injection Vulnerability in OcoMon by OcoMon
CVE-2022-41391

9.8CRITICAL

Key Information:

Vendor: Ocomon Project
Status: Ocomon
Vendor: CVE Published:; 13 October 2022

Summary

A SQL injection vulnerability has been identified in OcoMon v4.0, allowing attackers to manipulate SQL queries via the 'cod' parameter in the showImg.php file. This weakness can enable unauthorized access to the database, potentially leading to data exposure or modification. It is essential for users to apply necessary patches and security measures to mitigate this risk.

References

https://gist.github.com/fgimenesp/a30dcc4fb7912334b6fb1b1...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 13, 2022
Vulnerability Reserved
Sep 26, 2022