CVE-2022-44785

CRITICAL

Appalti & Contratti 9.12.2 - Unauthenticated SQL Injection via GetListaEnti.do cfamm Parameter

Title source: llm
STIX 2.1

Description

An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0083
EPSS Percentile 53.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
maggioli/appalti_\&_contratti 9.12.2
Published Nov 21, 2022
Tracked Since Feb 18, 2026