CVE-2022-46442

CVSS V2 None CVSS V3 None

Description

dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.

Overview

CVE ID
CVE-2022-46442

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2022-12-27T22:15:15

Last Modified Date
2023-01-06T01:53:12

Weakness Enumerations

CWE	URL
CWE-89	http://cwe.mitre.org/data/definitions/89.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:dedecms:dedecms::::::::	1	OR		5.7.102

References

Reference URL	Reference Tags
https://gist.github.com/yinfei6/f2b311374de4b4cec1dc22433d38c92a

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-46442
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46442

History

Created	Old Value	New Value	Data Type	Notes
2022-12-27 23:15:02				Added to TrackCVE
2022-12-28 12:14:50		2022-12-28T10:18:56	CVE Modified Date	updated
2022-12-28 12:14:50	Received	Awaiting Analysis	Vulnerability Status	updated
2023-01-04 16:17:16	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-06 03:18:36		2023-01-06T01:53:12	CVE Modified Date	updated
2023-01-06 03:18:36	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-06 03:18:37			Weakness Enumeration	new
2023-01-06 03:18:39			CPE Information	updated