What is CVE-2022-39041?

CVE-2022-39041 is a critical-severity vulnerability in Aenrich A+hrd, classified under SQL Injection. CVSS score: 9.8/10. Published 2023-01-03.

How severe is CVE-2022-39041?

Critical severity. CVSS v3 base score is 9.8 out of 10.

SQL Injection in Aenrich A+hrd

CVE-2022-39041

aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.

Vulnerability class: SQL Injection

EPSS: 0.010 (77.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Aenrich A+hrd — versions 6.8

Weakness classification (CWE)

CWE-89 — SQL Injection

References

www.twcert.org.tw/tw/cp-132-6794-35928-1.html

Frequently asked questions

What is CVE-2022-39041?: CVE-2022-39041 is a critical-severity vulnerability in Aenrich A+hrd, classified under SQL Injection. CVSS score: 9.8/10. Published 2023-01-03.
How severe is CVE-2022-39041?: Critical severity. CVSS v3 base score is 9.8 out of 10.