2 matches found
Lansweeper SQL Injection (CVE-2022-21234)
An SQL injection vulnerability exists in Lansweeper. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2022-21234
Lansweeper 9.1.20.2 EchoAssets.aspx contains an SQL injection via an unsanitized order parameter used in a dynamic ORDER BY clause. An authenticated user with permissions can trigger remote code execution through a crafted request. Exploitation details and PoC are documented by Talos (TL;CVSSv3 9...