CVE-2022-23986

HIGH

phpuploader < 1.2 - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors.

References (2)

Core 2
Core References
Patch, Release Notes, Third Party Advisory x_refsource_misc
https://github.com/shimosyan/phpUploader/releases/tag/v1.2.1
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN00095004/index.html

Scores

CVSS v3 7.5
EPSS 0.0166
EPSS Percentile 74.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
phpuploader_project/phpuploader < 1.2
Published Feb 24, 2022
Tracked Since Feb 18, 2026