Back to Advisories
🔔 CVE Advisory

CVE-2022-23272

Dynamics GP 2018

Dynamics GP 2018's Rich client allows regular users to perform arbitrary SQL DML via file upload. This SQLi is only exploitable when emailing for workflow and email multi-factor authentication is enabled.

Year 2022
Published February 26, 2022

Advisory Information

Affected Product Dynamics GP 2018
Title CVE-2022-23272
Description

Dynamics GP 2018's Rich client allows regular users to perform arbitrary SQL DML via file upload. This SQLi is only exploitable when emailing for workflow and email multi-factor authentication is enabled.

Year 2022
Published Date February 26, 2022
View Full CVE Advisory

Affected Vendors

M
Microsoft

Research Team

Hà Anh Hoàng
Hà Anh Hoàng
Senior Researcher