CVE-2022-46071
Published: 14 December 2022
Summary
CVE-2022-46071 is a critical-severity SQL Injection (CWE-89) vulnerability in Helmet Store Showroom Site (vendor: Helmet Store Showroom Site Project). Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 1.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-46071 is an SQL injection vulnerability in the login page of Helmet Store Showroom version 1.0. The flaw, tracked under CWE-89, carries a CVSS 3.1 score of 9.8 and permits unauthenticated attackers to submit crafted input that alters backend database queries.
An attacker with network access to the application can exploit the login form to bypass authentication entirely, obtaining administrative privileges and full control over the affected instance. Successful exploitation grants the ability to read, modify, or delete data and potentially execute further actions within the application.
Public references consist of proof-of-concept videos and a technical write-up demonstrating the injection; no vendor advisory or patch information is included in the provided sources. The EPSS score currently stands at 0.6916 after reaching a peak of 0.7920.
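The login-form weakness described above, shown as an added illustration rather than code from Helmet Store Showroom: a query that concatenates the submitted username and password (CWE-89) beside the parameterized form that closes the bypass. The table and column names and the SQLite in-memory database are constructed assumptions; the real application's schema and database engine are not given in the sources.

```python
import sqlite3


def make_db():
    """Constructed sample schema and one account (assumption, not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    # Plaintext password kept only to make the example self-contained; a real
    # application should store a salted hash and compare it outside the query.
    conn.execute(
        "INSERT INTO users (username, password, role) VALUES ('admin', 'correct-horse', 'admin')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Untrusted form fields are spliced into the SQL text, so a quote in the
    username ends the string literal and the remainder is parsed as SQL."""
    sql = (
        "SELECT role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Bound parameters keep both fields as data; the query structure is fixed
    before any user input is seen, so the same input only fails to match."""
    sql = "SELECT role FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None
```

With a username containing a quote and a comment sequence, the concatenating version returns the admin role without the password, while the parameterized version returns no row.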
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-48909
Vulnerability details
There is an SQL injection vulnerability in the Helmet Store Showroom v1.0 login page. It can be exploited to bypass admin access.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.