CVE-2022-3955
HIGHcrm42 - SQL Injection via user_name Parameter in Login Component
Title source: llmDescription
A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/tholum/crm42/issues/1
Third Party Advisory, VDB Entry
https://vuldb.com/?id.213461
Scores
CVSS v3
7.3
EPSS
0.0066
EPSS Percentile
46.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
CWE-707
Status
published
Products (1)
crm42_project/crm42
Published
Nov 11, 2022
Tracked Since
Feb 18, 2026