CVE-2022-45297

CRITICAL

EQ < 2.2.0 - SQL Injection

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-45297. PoCs published by TLF.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in EQ Enterprise management system v2.2.0. The POC shows a malicious payload in the 'ServerDB' parameter that can be used to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.

Description

EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.

Exploits (1)

exploitdb WORKING POC

by TLF · textwebappsasp

https://www.exploit-db.com/exploits/51154

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in EQ Enterprise management system v2.2.0. The POC shows a malicious payload in the 'ServerDB' parameter that can be used to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: EQ Enterprise management system v1.5.31 to v2.2.0

No auth needed

Prerequisites: Network access to the target system · The target system must be running a vulnerable version of EQ Enterprise management system

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/tlfyyds/EQ

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/171615/EQ-Enterprise-Management-System-2.2.0-SQL-Injection.html

Scores

CVSS v3 9.8

EPSS 0.0280

EPSS Percentile 84.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

eq_project/eq 1.5.31 - 2.2.0

Published Jan 31, 2023

Tracked Since Feb 18, 2026