← back
CVE-2022-39056

Changing Information Technology Inc. RAVA certificate validation system - SQL Injection

CVSS 9.8 CRITICALEPSS 0.8%CWE-89
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →