Critical SQLi via Search Handler Query in m0ver bible-online
CVE-2022-4454 Published on December 13, 2022
m0ver bible-online Search search.java query sql injection
A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444.
Vulnerability Analysis
Weakness Type
Improper Neutralization
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Products Associated with CVE-2022-4454
stack.watch emails you whenever new vulnerabilities are published in Bible Onlineproject Bible Online or M0ver Bible Online. Just hit a watch button to start following.
Affected Versions
m0ver bible-online Version n/a is affected by CVE-2022-4454Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.