PT-2022-27308 · Unknown · Appalti & Contratti

Published: 2022-11-21 · Updated: 2025-04-29 · CVE-2022-44785

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Appalti & Contratti version 9.12.2

Description: The affected web application is subject to multiple SQL injection vulnerabilities. Some of them are exploitable even by unauthenticated users, as demonstrated by the cfamm parameter of the "GetListaEnti.do" endpoint.

Recommendations: For Appalti & Contratti version 9.12.2, consider disabling the cfamm parameter in the "GetListaEnti.do" endpoint as a temporary workaround until a patch is available, and restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
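Added here as a defender-side example, not part of the advisory or of the vendor's code: a Python check over web-server access logs that flags GetListaEnti.do requests whose cfamm value falls outside the expected shape, to support monitoring of the endpoint while the workaround above is in place. The log format, the sample lines and the allowlist pattern for legitimate cfamm values are assumptions; only the endpoint and parameter names come from the advisory.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format); only the endpoint
# name (GetListaEnti.do) and the parameter name (cfamm) come from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Nov/2022:10:01:02 +0000] "GET /GetListaEnti.do?cfamm=80012345678 HTTP/1.1" 200 512
10.0.0.6 - - [21/Nov/2022:10:01:05 +0000] "GET /GetListaEnti.do?cfamm=8001'%20OR%20'1'%3D'1 HTTP/1.1" 200 9031
10.0.0.7 - - [21/Nov/2022:10:01:09 +0000] "GET /GetListaEnti.do?cfamm=8001'%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512
10.0.0.8 - - [21/Nov/2022:10:01:11 +0000] "GET /Altro.do?cfamm=8001' HTTP/1.1" 404 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Assumed shape of a legitimate cfamm value: a short alphanumeric code.
# This allowlist is an assumption, not something the advisory documents.
BENIGN_CFAMM = re.compile(r'^[A-Za-z0-9]{1,16}$')
# Generic SQL metacharacters and keywords that never belong in such a code.
SQL_MARKERS = re.compile(r"""['";]|--|/\*|\b(?:or|and|union|select|sleep|waitfor)\b""", re.I)


def cfamm_value(target):
    """Return the decoded cfamm value of a GetListaEnti.do request, else None."""
    parts = urlsplit(target)
    if parts.path.rsplit('/', 1)[-1] != 'GetListaEnti.do':
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get('cfamm')
    return values[0] if values else None


def suspicious_requests(log_text):
    """Return (ip, cfamm, reason) for GetListaEnti.do requests whose cfamm
    value is outside the allowlist; ordinary-looking values are ignored."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        value = cfamm_value(m.group('target'))
        if value is None or BENIGN_CFAMM.match(value):
            continue
        reason = 'sql-marker' if SQL_MARKERS.search(value) else 'unexpected-chars'
        hits.append((m.group('ip'), value, reason))
    return hits


if __name__ == '__main__':
    for ip, value, reason in suspicious_requests(SAMPLE_LOG):
        print(f'{ip}\t{reason}\t{value!r}')
```

Because the check allowlists the expected value shape first, it also surfaces probes that use no classic SQL keywords, which a marker-only rule would miss.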

Exploit: SQL injection

Weakness Enumeration:

Related Identifiers: CVE-2022-44785

Affected Products: Appalti & Contratti