CVE-2022-22055 CRITICAL

CVE-2022-22055: Le-yan Co., Ltd. dental management system - SQL Injection

Vendor Le-Yan Co., Ltd.

Product Dental Management System

Weakness CWE-89 · SQLi

Published January 14, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service.

Key dates

02Disclosure timeline

January 14, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-22055

Related vulnerabilities

CVE-2022-22055: Le-yan Co., Ltd. dental management system - SQL Injection

01Description

02Disclosure timeline

03References

04Related CVE