Knowledge Base - Security Updates on Vulnerabilities

 

Authenticated SQL Injection Vulnerability

This document describes CVE-2022-47523, a reported authenticated SQL injection vulnerability.

CVE ID: CVE-2022-47523
Severity: High
Update Release build: 90116
Update Release Date: January 20, 2023
Reported by: nextheia.com via ManageEngine's Bug bounty program.

What was the problem?

An authenticated SQL injection vulnerability (CVE-2022-47523) was identified in Patch Connect Plus. It may allow an adversary to execute custom queries and access database table entries. This has now been fixed by enhancing validation and escaping special characters.

How to fix it?

Because of this vulnerability's severity, upgrading to the latest version is strongly advised. To upgrade, follow the steps below:

  1. Navigate to Service pack.
  2. Download the latest build and upgrade to it.

For any further questions or concerns about this, please write to our support team at patchconnectplus-support@manageengine.com.