CVE-2022-43179: an SQL injection was found in the Leave Management System v1.0 admin component /admin/?page=user/manage_user&id=

An attacker can exploit this coding weakness to inject SQL commands into the application, giving them the power to compromise the system and access data.

A review of the source code for v1.0 discovered that the component /admin/?page=user/manage_user&id= was vulnerable to a reflected XSS injection flaw.

Improper Neutralization of Special Characters

A search of the source code for v1.1 and v2.0 also reveals a vulnerability to an XSS injection flaw that an attacker can exploit to inject malicious code into the application. The component /admin/?page=user/manage_user&id= was also found to be vulnerable to a stored XSS injection flaw. An attacker can exploit this weakness to inject malicious code into the system’s database, giving them the power to compromise the system and access data.

SQL Injection Vulnerability

In addition to XSS injection vulnerabilities, the component /admin/?page=user/manage_user&id= was also discovered to be vulnerable to a SQL injection flaw. An attacker can exploit this weakness to inject malicious code into the application’s database, giving them the power to compromise the system and access data.
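
Added example, not code from Leave Management System or from this page: the advisory does not show the affected source, so this Python sketch uses a constructed in-memory SQLite table to contrast pasting the id request value into the query text with validating it and binding it as a parameter. The table, its columns and every function name are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the application's user table (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "administrator"), (2, "alice", "staff"), (3, "bob", "staff")])
    return db

def load_user_vulnerable(db, raw_id):
    """Weak pattern: the request value becomes part of the SQL text itself."""
    query = "SELECT id, username, role FROM users WHERE id = " + raw_id
    return db.execute(query).fetchall()

def parse_id(raw_id):
    """Accept only a short run of ASCII digits (assumes ids are integers)."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be a non-negative integer")
    return int(raw_id)

def load_user_hardened(db, raw_id):
    """Validate first, then bind the value so it can never change the query structure."""
    user_id = parse_id(raw_id)
    return db.execute("SELECT id, username, role FROM users WHERE id = ?",
                      (user_id,)).fetchall()

def demo():
    db = make_db()
    crafted = "2 OR 1=1"  # constructed non-numeric value for the id parameter
    results = {
        "vulnerable_normal": load_user_vulnerable(db, "2"),
        # The extra text is parsed as SQL, so the WHERE clause matches every row.
        "vulnerable_crafted": load_user_vulnerable(db, crafted),
        "hardened_normal": load_user_hardened(db, "2"),
    }
    try:
        load_user_hardened(db, crafted)
        results["hardened_crafted"] = "accepted"
    except ValueError:
        results["hardened_crafted"] = "rejected"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```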
