CVE-2022-27434

CRITICAL

Unit4 Teta < 29.5 - SQL Injection

Title source: rule

Description

UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.

Exploits (1)

nomisec WRITEUP 1 stars
by LongWayHomie · poc
https://github.com/LongWayHomie/CVE-2022-27434

References (2)

Scores

CVSS v3 9.8
EPSS 0.0150
EPSS Percentile 81.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
unit4/teta < 29.5
Published Jul 18, 2022
Tracked Since Feb 18, 2026