CVE-2022-43143

CRITICAL

Beekeeper Studio 3.6.6 - Stored Cross-Site Scripting in Error Modal Container

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-43143. PoCs published by goseungduk.

AI-analyzed exploit summary This PoC exploits CVE-2022-43143, a vulnerability in MySQL, by sending crafted packets to trigger remote code execution (RCE). The exploit includes payloads for auto-alert, reverse shell, and opening a calculator, demonstrating the vulnerability's severity.

Description

A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.

Exploits (1)

nomisec WORKING POC

by goseungduk · poc

https://github.com/goseungduk/beekeeper

View Code ZIP pw:eip

This PoC exploits CVE-2022-43143, a vulnerability in MySQL, by sending crafted packets to trigger remote code execution (RCE). The exploit includes payloads for auto-alert, reverse shell, and opening a calculator, demonstrating the vulnerability's severity.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: MySQL (specific version not explicitly stated in the code)

No auth needed

Prerequisites: Network access to the target MySQL server · MySQL server vulnerable to CVE-2022-43143

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Issue Tracking, Patch, Third Party Advisory

https://github.com/beekeeper-studio/beekeeper-studio/issues/1393

Scores

CVSS v3 9.6

EPSS 0.0082

EPSS Percentile 52.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (1)

beekeeperstudio/beekeeper-studio 3.6.6

Published Nov 21, 2022

Tracked Since Feb 18, 2026