CVE-2022-39056

CRITICAL

RAVA Certificate Validation System - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0076
EPSS Percentile 51.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
changingtec/rava_certificate_validation_system 3
Published Oct 18, 2022
Tracked Since Feb 18, 2026