Topic

XXE

A collection of 8 issues

CVE-2022-37138 The LMS 1.0 is vulnerable to SQL Injection at the login page, which allows attackers to log in as Administrator as username form.

To inject SQL Injection, attacker can send request with SQL statement in the ‘INPUT>’ tag. An attacker can send the following injection request to the login page of Loan Management System to login as Administrator. INPUT type=”hidden” value=”SQL>” ‘ INPUT type=”hidden” value=”SQL>” ‘ In the ‘INPUT>’ tag, attacker
2 min read
Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe