Remote SQL Injection Vulnerability in Planet eStream before 6.72.10.07

CVE-2022-45889 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).
