CVE-2022-36787: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in webvendome webvendome

Medium
Published: Thu Nov 17 2022 (11/17/2022, 22:27:53 UTC)
Source: CVE
Vendor/Project: webvendome
Product: webvendome

Description

webvendome - webvendome SQL Injection. SQL Injection in the Parameter "DocNumber". Request: GET request: /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE.

AI-Powered Analysis

Last updated: 06/24/2025, 16:36:07 UTC

Technical Analysis

CVE-2022-36787 is a SQL Injection vulnerability identified in the webvendome product, affecting all versions. The vulnerability arises from improper neutralization of special elements used in SQL commands (CWE-89), specifically in the 'DocNumber' parameter within a GET request to the endpoint /webvendome/showfiles.aspx. This improper sanitization allows an attacker to inject malicious SQL code through the 'DocNumber' parameter, potentially manipulating backend database queries. Such exploitation can lead to unauthorized data access, data modification, or even complete compromise of the database. The vulnerability is exploitable without authentication and does not require user interaction beyond sending a crafted HTTP GET request. Although no known exploits have been reported in the wild, the nature of SQL Injection vulnerabilities makes this a significant risk, especially given that all versions of webvendome are affected and no patches have been published. The vulnerability was publicly disclosed on November 17, 2022, and has been enriched by CISA, indicating recognition by cybersecurity authorities.

Potential Impact

For European organizations using webvendome, this vulnerability poses a risk of unauthorized data disclosure, data corruption, or loss of data integrity. Attackers could extract sensitive business information, customer data, or intellectual property stored in the backend databases. The ability to execute arbitrary SQL commands could also allow attackers to escalate privileges within the application or pivot to other internal systems. This could disrupt business operations, lead to regulatory non-compliance (e.g., GDPR violations due to data breaches), and damage organizational reputation. Given that webvendome is a web-based product, the attack surface is exposed to remote exploitation over the internet, increasing the risk of widespread impact. The absence of known exploits in the wild does not reduce the potential impact, as the vulnerability is straightforward to exploit and could be targeted by opportunistic attackers or advanced persistent threat actors.

Mitigation Recommendations

Since no official patches are available, European organizations should implement immediate compensating controls. These include:

1) Applying rigorous input validation and sanitization on the 'DocNumber' parameter, and using parameterized queries or prepared statements to prevent SQL Injection.
2) Employing Web Application Firewalls (WAFs) with custom rules to detect and block SQL Injection attempts targeting the vulnerable endpoint.
3) Restricting the database user privileges associated with the webvendome application to the minimum necessary, limiting the potential damage of a successful injection.
4) Conducting thorough code reviews and penetration testing focused on SQL Injection vectors within webvendome deployments.
5) Monitoring application logs and network traffic for unusual query patterns or repeated access attempts to the vulnerable endpoint.
6) Planning for an upgrade or patch deployment once the vendor releases a fix, and maintaining close communication with the vendor for updates.

These measures go beyond generic advice by focusing on immediate, actionable steps tailored to the specific vulnerability and product.
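As an added illustration (not webvendome's own code, which is ASP.NET and not shown on this page), the following Python/sqlite3 snippet shows the CWE-89 string-built query beside the parameterized form from recommendation 1, an allow-list check for DocNumber, and a scan of access-log lines for recommendation 5. The table schema, the accepted DocNumber format and the log lines are assumptions constructed for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

def make_db():
    # Constructed in-memory stand-in for the backend; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (jobnumber TEXT, docnumber TEXT, path TEXT)")
    conn.executemany("INSERT INTO files VALUES (?, ?, ?)", [
        ("J100", "D1", "/files/j100-d1.pdf"), ("J100", "D2", "/files/j100-d2.pdf"),
        ("J200", "D7", "/files/j200-d7.pdf")])
    return conn

def showfiles_concat(conn, jobnumber, docnumber):
    # CWE-89 pattern: request values are pasted into the SQL text, so a quote in
    # DocNumber changes the query's structure instead of staying a literal value.
    sql = ("SELECT path FROM files WHERE jobnumber = '%s' AND docnumber = '%s'"
           % (jobnumber, docnumber))
    return [row[0] for row in conn.execute(sql)]

def showfiles_param(conn, jobnumber, docnumber):
    # Hardened form (recommendation 1): the driver binds the values, so the
    # query shape is fixed and the input is only ever compared as data.
    sql = "SELECT path FROM files WHERE jobnumber = ? AND docnumber = ?"
    return [row[0] for row in conn.execute(sql, (jobnumber, docnumber))]

def docnumber_is_valid(value):
    # Allow-list check; the accepted DocNumber format is an assumption.
    return re.fullmatch(r"[A-Za-z0-9-]{1,32}", value) is not None
# Recommendation 5: scan Common Log Format access-log lines for hits on the
# vulnerable endpoint whose (percent-decoded) DocNumber fails the allow-list.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" (\d{3})')
ENDPOINT = "/webvendome/showfiles.aspx"

def suspicious_requests(log_lines):
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        url = urlsplit(m.group(2)) if m else None
        if url is None or url.path.lower() != ENDPOINT:
            continue
        qs = {k.lower(): v for k, v in parse_qs(url.query, keep_blank_values=True).items()}
        for value in qs.get("docnumber", []):
            if not docnumber_is_valid(value):
                hits.append((m.group(1), value))
    return hits
SAMPLE_LOG = [  # constructed log lines, not from any real deployment
    '203.0.113.5 - - [17/Nov/2022:10:00:00 +0000] "GET /webvendome/showfiles.aspx?jobnumber=J100&DocNumber=D1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [17/Nov/2022:10:00:03 +0000] "GET /webvendome/showfiles.aspx?jobnumber=null&DocNumber=D1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192',
]
```

The same allow-list regex can be loaded into a WAF or reverse-proxy rule for recommendation 2 while the vendor fix is pending.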

Technical Details

Data Version: 5.1
Assigner Short Name: INCD
Date Reserved: 2022-07-26T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d983ec4522896dcbefc70

Added to database: 5/21/2025, 9:09:18 AM

Last enriched: 6/24/2025, 4:36:07 PM

Last updated: 8/4/2025, 6:50:56 AM
