EUVD-2022-29924

Malicious code in bioql PyPI...

CVE-2022-25225

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...

Network Olympus SQL Injection Vulnerability

Network Olympus is Softinventive Lab's enterprise network for agentless monitoring. Network Olympus version 1.8.0 is vulnerable to SQL injection, which stems from a missing sqlparameter JSON parameter in /api/eventinstance validation of external input SQL statements. An attacker could exploit thi...

CVE-2022-25225

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...

CVE-2022-25225

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...

CVE-2022-25225

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...

Remote code execution

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...

Network Olympus SQL注入漏洞

Network Olympus is Softinventive Lab's enterprise network for agentless monitoring. Network Olympus version 1.8.0 is vulnerable to SQL injection, which stems from a missing sqlparameter JSON parameter in /api/eventinstance validation of external input SQL statements. An attacker could exploit thi...

CVE-2022-25225

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...

CVE-2022-25225

Network Olympus 1.8.0 is vulnerable to SQL injection in the /api/eventinstance endpoint via the sqlparameter JSON field, exploitable by an authenticated admin. The issue can also lead to remote code execution in a default PostgreSQL installation. Root cause: lack of input validation/parameter han...