CVE-2022-36258

Опубликовано: 12 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".

Ссылки

https://gist.github.com/ziyishen97/3553468b534c250f7b0d47e8a4c5fa52
Exploit
Third Party Advisory
https://github.com/sazanrjb/InventoryManagementSystem
Product
Third Party Advisory
https://github.com/sazanrjb/InventoryManagementSystem/issues/14
Exploit
Issue Tracking
Third Party Advisory
https://gist.github.com/ziyishen97/3553468b534c250f7b0d47e8a4c5fa52
Exploit
Third Party Advisory
https://github.com/sazanrjb/InventoryManagementSystem
Product
Third Party Advisory
https://github.com/sazanrjb/InventoryManagementSystem/issues/14
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:inventorymanagementsystem_project:inventorymanagementsystem:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00306

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-4x5q-4j9q-jcv8