Back to Advisories
🔔 CVE Advisory

CVE-2022-23274

Dynamics GP 2018

Dynamics GP 2018 Web Service handled the document id parameter incorrectly during invoice creation, allowing users to inject SQL and write arbitrary data into the database. This was then used to plant a serialized object to be processed later, resulting in code execution.

Year 2022
Published February 26, 2022

Advisory Information

Affected Product Dynamics GP 2018
Title CVE-2022-23274
Description

Dynamics GP 2018 Web Service handled the document id parameter incorrectly during invoice creation, allowing users to inject SQL and write arbitrary data into the database. This was then used to plant a serialized object to be processed later, resulting in code execution.

Year 2022
Published Date February 26, 2022
View Full CVE Advisory

Affected Vendors

M
Microsoft

Research Team

Hà Anh Hoàng
Hà Anh Hoàng
Senior Researcher