This document explains the CVE-2022-47523 - Authenticated SQL Injection Vulnerability that has been reported.
CVE ID: CVE-2022-47523
Severity: High
Update Release build: 11.2.2300.03
Update Release Date: Feb 28, 2023
Reported by: nextheia.com via ManageEngine's Bug bounty program.
An authenticated SQL injection vulnerability in Endpoint DLP Plus (CVE-2022-47523) was identified which may allow an adversary to execute custom queries and access the database table entries. This has now been fixed by enhancing validation and escaping special characters.
Upgrading to the latest version is strongly advised due to this vulnerability's severity. To upgrade, follow the steps below:
For any further questions or concerns on this, please write to our support team at endpointdlpplus-support@manageengine.com