CVE-2022-46808

Summary

A critical SQL injection vulnerability, identified as CVE-2022-46808, has been discovered in the Repute Infosystems ARMember membership plugin. This flaw allows attackers to inject malicious SQL commands, potentially leading to unauthorized data access or manipulation.

IFF Assessment

FOE

This vulnerability allows for SQL injection, which is a common and dangerous attack vector that can compromise data integrity and confidentiality.

Severity

9.8 Critical

Defender Context

Defenders need to immediately patch or update ARMember to version 3.4.11 or later to mitigate this severe SQL injection vulnerability. Organizations using this plugin should monitor their systems for any signs of exploitation and review access controls for their databases.
