2 matches found
CVE-2022-25225
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...
CVE-2022-25225
Network Olympus 1.8.0 is vulnerable to SQL injection in the /api/eventinstance endpoint via the sqlparameter JSON field, exploitable by an authenticated admin. The issue can also lead to remote code execution in a default PostgreSQL installation. Root cause: lack of input validation/parameter han...