Vulnerabilities > Archerydms > Archery > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-38542 SQL Injection vulnerability in Archerydms Archery
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface.
network
low complexity
archerydms CWE-89
critical
 9.8
9.8
2022-09-13 CVE-2022-38541 SQL Injection vulnerability in Archerydms Archery 1.8.3/1.8.4/1.8.5
Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.
network
low complexity
archerydms CWE-89
critical
 9.8
9.8
2022-09-13 CVE-2022-38540 SQL Injection vulnerability in Archerydms Archery
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.
network
low complexity
archerydms CWE-89
critical
 9.8
9.8
2022-09-13 CVE-2022-38539 SQL Injection vulnerability in Archerydms Archery
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.
network
low complexity
archerydms CWE-89
critical
 9.8
9.8
2022-09-13 CVE-2022-38538 SQL Injection vulnerability in Archerydms Archery
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.
network
low complexity
archerydms CWE-89
critical
 9.8
9.8
2022-09-13 CVE-2022-38537 SQL Injection vulnerability in Archerydms Archery
Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.
network
low complexity
archerydms CWE-89
critical
 9.8
9.8