Vulnerability CVE-2022-45889


Published: 2022-12-25

Description:
Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Planet eStream Code Execution / SQL Injection / XSS / Broken Control
Philipp Espernbe...
09.12.2022

 References:
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/

Copyright 2024, cxsecurity.com

 

Back to Top