CVE-2022-39056

Summary

RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database.

Affected Software

VendorProductVersion RangeStatus
Changing Information Technology Inc.RAVA certificate validation system3affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References