CVE-2022-3467

Summary

A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-210709 was assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
JiusiOAn/aaffected

Weaknesses

  • CWE-707: CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References