CVE-2022-24691

{"id": "CVE-2022-24691", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2022-07-18T13:15:09.853", "references": [{"url": "https://dsk.lu/fr/produits/temps-de-presence", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-24688-92.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based."}, {"lang": "es", "value": "Se ha detectado un problema en DSK DSKNet versiones 2.16.136.0 y 2.17.136.5. Una vulnerabilidad de Inyecci\u00f3n SQL permite a usuarios autenticados manchar los datos de la base de datos y extraer informaci\u00f3n confidencial por medio de peticiones HTTP dise\u00f1adas. El tipo de inyecci\u00f3n SQL est\u00e1 basado en un booleano ciego"}], "lastModified": "2022-07-27T17:34:23.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dsk:dsknet:2.16.136.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49B0E313-BCD6-47A4-9968-A49FD8E78A34"}, {"criteria": "cpe:2.3:a:dsk:dsknet:2.17.136.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B31B0D02-2879-422F-8100-2594CA5E82F5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}