CVE-2022-38617
SmartVista SVFE2 v2.2.22 has a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. The issue stems from input handling allowing attacker-controlled SQL to affect the backend, with potential impact on confidentiality, integrity, and availability (C...