SQL Injection Vulnerability in Archibus Web Central 2022.03.01.107

SQL Injection Vulnerability in Archibus Web Central 2022.03.01.107

CVE-2022-45165 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.