CVE-2022-25322
CRITICAL EXPLOITED NUCLEIZEROF Web Server 2.0 - SQL Injection via HandleEvent Endpoint
Title source: llmExploitation Summary
CVE-2022-25322 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.
Nuclei Templates (1)
ZEROF Web Server 2.0 - SQL Injection
CRITICALby daffainfo
Shodan:
Server: ZEROF Web Server
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://awillix.ru
Exploit, Third Party Advisory x_refsource_misc
https://github.com/landigv/research/blob/main/cve/CVE-2022-25322.md
Scores
CVSS v3
9.8
EPSS
0.0856
EPSS Percentile
94.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-01-22
CWE
CWE-89
Status
published
Products (1)
zerof/web_server
2.0
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026