CVE-2022-37333

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in packagist/exceedone/exment

Identifiers

GHSA-p74q-2pf8-j5jx, CVE-2022-37333

Package Slug

packagist/exceedone/exment

Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description

SQL injection vulnerability in Exment allows remote authenticated attackers to execute arbitrary SQL commands. Affected packages: (PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier; (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier.

Affected Versions

All versions before 4.4.3, all versions starting from 5.0.0 before 5.0.3

Solution

Upgrade to versions 4.4.3, 5.0.3 or above.

Last Modified

2022-09-19
