4 matches found
Lansweeper SQL Injection (CVE-2022-21210)
An SQL injection vulnerability exists in Lansweeper. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2022-21210
creationtimestamp| type| source ---|---|--- 2022-04-15 00:19:32+00:00| seen| https://t.me/cibsecurity/40820...
CVE-2022-21210
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2022-21210
CVE-2022-21210 affects Lansweeper 9.1.20.2 and is due to an unsanitized fieldSelect parameter in AssetActions.aspx, leading to SQL injection. An authenticated user with EditData permissions can trigger the vulnerability via a crafted POST to /AssetActions.aspx?action=assetfieldschange, potentiall...