CVE-2022-43135 The v1.0 of the Diagnostic Lab Management System was discovered to contain a SQL injection vulnerability via the username parameter.

CVE-2022-43135 The v1.0 of the Diagnostic Lab Management System was discovered to contain a SQL injection vulnerability via the username parameter.

Reportedly, a low severity issue where an attacker can create a new user with the ‘Create’ privilege via the username parameter at /admin/settings.

The reported SQL injection vulnerability allows attackers to inject own SQL code or code of other applications via the login.php or settings.php files.

If you have installed or are using this product, it is recommended to apply the update immediately.

Datto Dyn a-Tune


Datto Dyna-Tune is a tool that is intended to help IT professionals manage their backup and recovery process.

What is WordPress ?

WordPress is a software platform that allows web designers and developers to create their own website without having to know the HTML code. With WordPress, you can add pages, blog posts, and more with no coding knowledge required. It also comes with a "back end" which includes a dashboard where you can customize your site into what you want it to be.
The reported SQL injection vulnerability allows attackers to inject own SQL code or code of other applications via the login.php or settings.php files at /admin/settings and /admin/user/create .
If you have installed or are using this product, it is recommended to apply the update immediately.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe