2 matches found
CVE-2022-24848 SQL Injection in DHIS2's in OrgUnit program association
DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the /api/programs/orgUnits?programs= API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from...
CVE-2022-24848
DHIS2 SQL Injection (CVE-2022-24848) affects the API endpoint /api/programs/orgUnits?programs= for DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The vulnerability requires the attacker to be logged in as a DHIS2 user and could allow reading, editing, or deleting data in the instance’s database....