CVE-2022-50593 CRITICAL

CVE-2022-50593: Advantech iView < v5.7.04 Build 6425 search_term Parameter SQL Injection RCE

Vendor Advantech

Product iView

Weakness CWE-89 · SQLi

Published November 6, 2025

Last update November 15, 2025

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

Key dates

02Disclosure timeline

November 6, 2025 CVE published

November 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-50593

Related vulnerabilities

04Related CVE

CVE-2026-0699 code-projects Intern Membership Management System edit_activity.php sql injection CVE-2025-4197 code-projects Patient Record Management System edit_xpatient.php sql injection CVE-2026-35395 WeGIA has a SQL Injection in DespachoDAO.php via id_memorando parameter CVE-2025-8156 PHPGurukul User Registration & Login and User Management lastsevendays-reg-users.php sql injection CVE-2023-28108 Pimcore has improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model