What is CVE-2022-47428?

CVE-2022-47428 is a medium-severity vulnerability in Wpdevart Booking_calendar, classified under SQL Injection. CVSS score: 6.7/10. Published 2023-11-06.

How severe is CVE-2022-47428?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Is CVE-2022-47428 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Wpdevart Booking_calendar

CVE-2022-47428

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking Syste…

Vulnerability class: SQL Injection

EPSS: 0.002 (36.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L.

Affected products

Wpdevart Booking_calendar
Wpdevart Booking Calendar, Appointment System — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates

References

audit@patchstack.com (Third Party Advisory, vdb-entry)

Frequently asked questions

What is CVE-2022-47428?: CVE-2022-47428 is a medium-severity vulnerability in Wpdevart Booking_calendar, classified under SQL Injection. CVSS score: 6.7/10. Published 2023-11-06.
How severe is CVE-2022-47428?: Medium severity. CVSS v3 base score is 6.7 out of 10.
Is CVE-2022-47428 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.