4 matches found
CVE-2022-44014
An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...
CVE-2022-44014
creationtimestamp| type| source ---|---|--- 2022-12-25 07:39:54+00:00| seen| https://t.me/cibsecurity/55298...
CVE-2022-44014
Summary: CVE-2022-44014 affects Simmeth Lieferantenmanager (pre-5.6). The API design flaw in /DS/LM_API/api/SelectionService/GetPaggedTab allows a user to fetch arbitrary SQL tables, leaking all user passwords and MSSQL hashes. The issue originates from the API’s access control/validation, enabli...
CVE-2022-44014
An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...