CVE-2022-22055
Published Jan 14, 2022
Last updated 3 years ago
Overview
- Description
- The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:le-yan_dental_management_system_project:le-yan_dental_management_system:2.8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "070EB62A-4589-4370-9414-DE1B6A867F2B"
}
],
"operator": "OR"
}
]
}
]