Multiple SQL Injection Vulnerabilities in Appalti & Contratti 9.12.2

CVE-2022-44785 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.