CVE-2022-0842

MEDIUM Year: 2022
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.

Related Vulnerabilities

CVE-2017-14600

MEDIUM
CVSS:4.9(Medium)

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.

CWE-892017

CVE-2017-14601

MEDIUM
CVSS:4.9(Medium)

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.

CWE-892017

CVE-2017-17822

MEDIUM
CVSS:4.9(Medium)

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQ...

CWE-892017

CVE-2017-17823

MEDIUM
CVSS:4.9(Medium)

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connec...

CWE-892017

CVE-2017-17824

MEDIUM
CVSS:4.9(Medium)

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the d...

CWE-892017

CVE-2017-3886

MEDIUM
CVSS:4.9(Medium)

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, ...

CWE-892017