PT-2022-26797 · Maku-Boot · Maku-Boot
Tgao · Published 2022-12-07 · Updated 2022-12-09 · CVE-2022-4322
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
maku-boot versions up to 2.2.0
Description
A critical issue was found in the Scheduled Task Handler component, affecting the doExecute function of the AbstractScheduleJob.java file. This leads to injection and can be initiated remotely. The exploit has been disclosed publicly.
Recommendations
For maku-boot versions up to 2.2.0, apply the patch with the name 446eb7294332efca2bfd791bc37281cedac0d0ff to fix this issue. As a temporary workaround, consider disabling the doExecute function of the Scheduled Task Handler component until the patch is applied. Restrict access to the Scheduled Task Handler component to minimize the risk of exploitation.
Exploit
Fix
Improper Neutralization
SQL injection
Related Identifiers
Affected Products
Maku-Boot