CVE-2022-4093 HIGH

CVE-2022-4093: SQL Injection in dolibarr/dolibarr

Vendor Dolibarr
Product dolibarr/dolibarr
Weakness CWE-89 · SQLi
Published November 21, 2022
Last update April 14, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected

Key dates

02Disclosure timeline

November 21, 2022 CVE published
April 14, 2025 Record updated