CVE-2022-38302 The id parameter of 'maintenance/manage_department.php' was found to be vulnerable to SQL injection.
Attackers can inject arbitrary SQL code to be executed against the database. In the example below, the code will trigger an alert if SQL code
CVE-2022-38303 Leave Management System v1.0 had a SQL injection vulnerability via the id parameter.
An attacker can exploit this to inject PHP code, extract data, or execute arbitrary SQL commands. This is often a vector for hackers to exploit.
CVE-2022-36257 An SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands.
The vulnerability is due to insufficient validation of user input in the UserDAO method. An attacker can inject malicious code/data into the website and
CVE-2022-36256 A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands.
An attacker can leverage this vulnerability to run arbitrary SQL commands, with the privileges of the user account of the application, where the application is
CVE-2022-36259 An SQL injection vulnerability in ConnectionFactory.java of InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands.
The vulnerable code is present in the method ‘getConnectionFactory()’, which is responsible for connecting a new user to InventoryManagementSystem.
The ConnectionFactory class is abstract and extends DatabaseConnection