How severe is CVE-2022-26348?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-26348?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2022-26348

MEDIUM Year: 2022

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-89

View all →

Vulnerability Description

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.

CVE-2017-20195

MEDIUM

CVSS:5.5(Medium)

A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The man...

CWE-892017

CVE-2018-9493

MEDIUM

CVSS:5.5(Medium)

In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privil...

CWE-892018

CVE-2019-19850

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injec...

CWE-892019

CVE-2019-2196

MEDIUM

CVSS:5.5(Medium)

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P...

CWE-892019

CVE-2019-2198

MEDIUM

CVSS:5.5(Medium)

In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed fo...

CWE-892019

CVE-2020-0344

MEDIUM

CVSS:5.5(Medium)

In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n...

CWE-892020

CVE-2022-26348

Vulnerability Description

Related Vulnerabilities

CVE-2017-20195

CVE-2018-9493

CVE-2019-19850

CVE-2019-2196

CVE-2019-2198

CVE-2020-0344