How severe is CVE-2022-31092?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-31092?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2022-31092 - HIGH Severity | CVSS 8.1

Vulnerability Description

Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2015-3314

HIGH

CVSS:8.1(High)

SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.

CWE-892015

CVE-2015-3637

HIGH

CVSS:8.1(High)

SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.

CWE-892015

CVE-2015-3947

HIGH

CVSS:8.1(High)

SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CWE-892015

CVE-2015-7999

HIGH

CVSS:8.1(High)

Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbit...

CWE-892015

CVE-2016-10839

HIGH

CVSS:8.1(High)

cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).

CWE-892016

CVE-2016-3675

HIGH

CVSS:8.1(High)

SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system...

CWE-892016