Platform: other
Component: le-yan-dental-management-system
Fixed in: 2.8.6
CVE-2022-22055 describes a critical SQL injection vulnerability in the Le-yan Dental Management System. The login page does not sufficiently validate user input, so an unauthenticated remote attacker can inject SQL commands through the login form, potentially gaining unauthorized access to the database and disrupting the system. The vulnerability affects version 2.8.5 and is fixed in version 2.8.6.
Successful exploitation of CVE-2022-22055 lets an attacker bypass authentication and obtain administrator privileges in the Le-yan Dental Management System. With that access the attacker can perform arbitrary operations on the application's data, including modification, deletion, and exfiltration. Patient records, appointment schedules, and financial data are all at risk. The attacker could also disrupt service by manipulating the database, effectively rendering the system unusable. Because the injected SQL executes with the application's database privileges, the blast radius is the entire database, not just the login table.
CVE-2022-22055 was publicly disclosed on January 14, 2022. No active exploitation campaign has been publicly linked to this CVE, and it is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. However, SQL injection in an unauthenticated login form requires no special tooling to exploit, so the vulnerability is a plausible target and public proof-of-concept payloads may appear.
Exploit Status
EPSS: 3.16% (87th percentile)
The primary mitigation for CVE-2022-22055 is to upgrade the Le-yan Dental Management System to version 2.8.6 or later. If the upgrade cannot be applied immediately, reduce the attack surface with temporary workarounds: restrict network access to the login page, deploy a Web Application Firewall (WAF) with SQL injection rules in front of the application, and apply strict input validation on the login fields. Treat these as stopgaps; a filter-based defense can be bypassed with encoding or alternative syntax, and only a parameterised query in the application itself removes the flaw. Review database and web-server logs for login requests containing SQL metacharacters (quotes, comment sequences, `OR`/`UNION` keywords). After applying any mitigation, verify it on a non-production copy of the system by submitting a benign test payload to the login form and confirming that it is rejected rather than executed.
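The following is an added example, not code from the Le-yan product or its vendor (the real application's language and schema are not public on this page). It shows the pattern behind a login-form SQL injection and the parameterised fix described above: a login query built by string concatenation, the same query with bound parameters, and a small log-review check that flags the kind of payload a reviewer would look for. The user table, credentials, and the `demo`/`looks_like_injection` helper names are constructed for the example; SQLite is assumed purely because it runs in memory with no setup.

```python
import re
import sqlite3

# Constructed sample data: an in-memory SQLite table standing in for the
# application's user store. This is not the vendor's schema.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "S3cret!", "administrator"),
        ("dentist", "Molar42", "user"),
    ])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    # Vulnerable pattern: user-controlled strings are spliced into the SQL
    # text, so a quote in the username terminates the literal and the rest
    # of the input becomes SQL syntax.
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    # Hardened pattern: the SQL text is fixed and the values travel as bound
    # parameters, so a quote in the username is just a character to compare.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Benign test payload: "admin' -- " closes the string literal and comments
# out the password comparison. Any password then "matches" admin.
BYPASS_USERNAME = "admin' -- "

# Log-review heuristic for login fields. This is a stopgap for spotting
# suspicious requests, not a fix: it is easy to evade and will also flag
# legitimate inputs such as O'Brien. Parameterised queries are the real fix.
_SUSPICIOUS = re.compile(r"('|--|;|/\*|\bor\b|\bunion\b)", re.IGNORECASE)


def looks_like_injection(value: str) -> bool:
    return _SUSPICIOUS.search(value) is not None


def demo() -> dict:
    # Hypothetical driver that exercises both code paths with valid
    # credentials and with the bypass payload.
    conn = make_db()
    return {
        "valid_vulnerable": login_vulnerable(conn, "dentist", "Molar42"),
        "valid_safe": login_safe(conn, "dentist", "Molar42"),
        "bypass_vulnerable": login_vulnerable(conn, BYPASS_USERNAME, "wrong"),
        "bypass_safe": login_safe(conn, BYPASS_USERNAME, "wrong"),
        "flagged": looks_like_injection(BYPASS_USERNAME),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

With the concatenated query the bypass payload returns the administrator row without the password; with the parameterised query the same input returns no row, because `admin' -- ` is compared literally against the username column. The `looks_like_injection` check is the sort of filter a WAF rule or log-review script applies; note that it flags on punctuation alone, so tune it against real traffic before alerting on it.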
Update the Le-yan Dental Management System to version 2.8.6 or later, which resolves the SQL injection vulnerability. Obtain the update from the vendor or follow the vendor's security instructions.
CVE-2022-22055 is a critical SQL injection vulnerability in Le-yan Dental Management System version 2.8.5. An unauthenticated attacker can inject SQL commands through the login page to gain administrator access.
If you are running Le-yan Dental Management System version 2.8.5, you are affected by this vulnerability. Upgrade to version 2.8.6 or later.
The recommended fix is to upgrade to Le-yan Dental Management System version 2.8.6 or later. Until the upgrade is applied, use input validation and WAF rules as temporary mitigations only.
No active exploitation campaign has been publicly reported, but the ease of exploiting SQL injection in an unauthenticated login form makes it a likely target for attackers.
Refer to the vendor's website or security mailing list for the official advisory regarding CVE-2022-22055.