CVE-2022-46836 CRITICAL

CVE-2022-46836: PHP code injection in watolib

Vendor Tribe29
Product Checkmk
Weakness CWE-20 · Input validation
Published February 20, 2023
Last update August 3, 2024

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

What the vulnerability does

01 Description

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject PHP code, which is executed when the vulnerable component is requested.

Key dates

02 Disclosure timeline

February 20, 2023 CVE published
August 3, 2024 Record updated