CVE-2022-22985

HIGH Year: 2022
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history.

Related Vulnerabilities

CVE-2009-1547

HIGH
CVSS:8.8(High)

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, a...

CWE-942009

CVE-2011-1265

HIGH
CVSS:8.8(High)

The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, ...

CWE-942011

CVE-2011-1830

HIGH
CVSS:8.8(High)

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.

CWE-942011

CVE-2012-0158

HIGH
CVSS:8.8(High)

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2...

CWE-942012

CVE-2012-0175

HIGH
CVSS:8.8(High)

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitr...

CWE-942012

CVE-2014-4000

HIGH
CVSS:8.8(High)

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes...

CWE-942014