GHSA-p74q-2pf8-j5jx, CVE-2022-37333
packagist/exceedone/exment
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in Exment (PHP8: exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier; PHP7: exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.
All versions before 4.4.3, all versions starting from 5.0.0 before 5.0.3
Upgrade to versions 4.4.3, 5.0.3 or above.
2022-09-19