CVE-2022-45564
CRITICALznfit Home improvement ERP management system V50_20220207 v42 - SQL Injection via userCode Parameter
Title source: llmDescription
SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet.
References (1)
Core 1
Core References
Scores
CVSS v3
9.8
EPSS
0.0076
EPSS Percentile
51.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
znfit/home_improvement_erp_management_system
42
Published
Feb 21, 2023
Tracked Since
Feb 18, 2026