2 matches found
CVE-2022-0757
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code...
CVE-2022-0757
Rapid7 Nexpose versions 6.6.93 and earlier are vulnerable to an SQL injection caused by insufficient validation of search operators in SearchCriteria, allowing a logged-in, authenticated attacker to manipulate the ANY and OR operators and inject SQL code. The issue has a confirmed fix in Rapid7 N...