CVE-2022-37333

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in packagist/exceedone/laravel-admin

Identifiers

GHSA-p74q-2pf8-j5jx, CVE-2022-37333

Package Slug

packagist/exceedone/laravel-admin

Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description

SQL injection vulnerability in Exment allows remote authenticated attackers to execute arbitrary SQL commands. Affected releases: (PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier; (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier.

Affected Versions

All versions before 2.2.3, version 3.0.0

Solution

Upgrade to versions 2.2.3, 3.0.1 or above.

Last Modified

2022-09-19
