Описание
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component.
Ссылки
- Third Party Advisory
- Not Applicable
- Product
- Third Party Advisory
- Not Applicable
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wealth:bonanza_wealth_management_system:7.3.2:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00316
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component.
EPSS
Процентиль: 54%
0.00316
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89