exploitDog

CVE-2022-30025

Опубликовано: 24 мая 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via "v" parameter.

Ссылки

https://gist.github.com/fir3storm/c8a013d1231c22e22835566609620afd
Exploit
Third Party Advisory
https://gist.github.com/fir3storm/c8a013d1231c22e22835566609620afd
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:credenceanalytics:ideal_-_wealth_and_funds:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00041

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-vrh4-9hf5-8g3r

CVSS3: 6.5

github

больше 2 лет назад

SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via "v" parameter.

EPSS

Процентиль: 12%

0.00041

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-89

CWE-89