CVE-2022-23320
HIGH
XMPie uStore 12.3.7244.0 - Authenticated SQL Query Execution via Report Generation
XMPie uStore 12.3.7244.0 allows administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate to the application and exfiltrate sensitive information from the database.
References (4)
Core References
Vendor Advisory x_refsource_misc
http://xmpie.com
Exploit, Third Party Advisory x_refsource_misc
https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/
Release Notes, Vendor Advisory x_refsource_misc
https://www.xmpie.com/ustore-release-notes/
Scores
CVSS v3: 7.5
EPSS: 0.0164
EPSS Percentile: 73.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-287
Status: published
Products (1): xerox/xmpie_ustore 12.3.7244.0
Published: Feb 07, 2022
Tracked Since: Feb 18, 2026