CVE-2022-45889

HIGH

Planet eStream < 6.72.10.07 - Authenticated SQL Injection via StatisticsResults.aspx flt Parameter

Title source: llm
STIX 2.1

Description

Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).

Scores

CVSS v3 7.2
EPSS 0.0128
EPSS Percentile 66.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
planetestream/planet_estream < 6.72.10.07
Published Dec 25, 2022
Tracked Since Feb 18, 2026