CVE-2022-4592

MEDIUM

Luckyshot CRMx - SQL Injection

Title source: llm

Description

A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability.

References (2)

[Patch, Third Party Advisory] https://github.com/luckyshot/CRMx/commit/8c62d274986137d6a1d06958a6f75c3553f45f8f

View Patch ZIP pw:eip

[Third Party Advisory] https://vuldb.com/?id.216185

Scores

CVSS v3 6.3

EPSS 0.0023

EPSS Percentile 46.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89 CWE-707

Status published

Products (1)

crmx_project/crmx

Published Dec 18, 2022

Tracked Since Feb 18, 2026