CVE-2022-44015

CRITICAL

Simmeth Lieferantenmanager <5.6 - SQL Injection

Title source: llm
STIX 2.1

Description

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.

Scores

CVSS v3 9.8
EPSS 0.0117
EPSS Percentile 63.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
simmeth/lieferantenmanager < 5.6
Published Dec 25, 2022
Tracked Since Feb 18, 2026