CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-34324

Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.055

EPSS Ranking 89.8%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_sqli_1.pdf
https://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_sqli_1.pdf

Products affected by CVE-2022-34324

Sage » Sage Xrt Business Exchange » Version: 12.4.302

cpe:2.3:a:sage:sage_xrt_business_exchange:12.4.302

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-34324

Products

Pricing

Contact Us