CVE-2022-35598

Опубликовано: 18 авг. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.

Ссылки

https://github.com/sazanrjb/InventoryManagementSystem
Third Party Advisory
https://github.com/sazanrjb/InventoryManagementSystem/issues/14
Issue Tracking
Third Party Advisory
https://github.com/sazanrjb/InventoryManagementSystem
Third Party Advisory
https://github.com/sazanrjb/InventoryManagementSystem/issues/14
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:inventorymanagementsystem_project:inventorymanagementsystem:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00233

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-2j29-gqvx-5862