CVE-2022-36257 An SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands.
The vulnerability is due to insufficient validation of user input in the UserDAO method. An attacker can inject malicious code/data into the website and
CVE-2022-36256 A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands.
An attacker can leverage this vulnerability to run arbitrary SQL commands, with the privileges of the user account of the application, where the application is
CVE-2022-36259 An SQL injection vulnerability in ConnectionFactory.java of InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands.
The vulnerable code is present in the method ‘getConnectionFactory()’, which is responsible for connecting a new user to InventoryManagementSystem.
The ConnectionFactory class is abstract and extends DatabaseConnection.
CVE-2022-37794 In Library Management System 1.0, the id_no parameters are vulnerable to SQL injection.
As shown in the below example, when you enter the id_no value (with the ‘/’ prefix) into the ‘Search In’ field of the search form,
CVE-2021-44835 An issue was found in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized.
This problem can lead to data being exposed in the query like this example where a user name and password are input in the Vdc