CVE-2022-23767

HIGH

SecureGate - Unauthenticated SQL Injection and Path Traversal via Login and File Transfer

Description

SecureGate contains a SQL injection vulnerability that allows login without a password. A path traversal vulnerability is also present in file transfer. An attacker can exploit these vulnerabilities to carry out various attacks, such as obtaining privileges and executing remote code, and thereby take over the victim's system.

Scores

CVSS v3 8.8
EPSS 0.0078
EPSS Percentile 51.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22 CWE-288 CWE-89
Status published
Products (2)
hanssak/securegate 3.5
hanssak/weblink 3.5.2 - 3.5.5
Published Sep 19, 2022
Tracked Since Feb 18, 2026