18 matches found
EUVD-2022-38975
Malicious code in bioql PyPI...
EUVD-2022-38973
Malicious code in bioql PyPI...
Sql injection
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc...
Sql injection
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt"...
CVE-2022-36257
The vulnerability CVE-2022-36257 affects sazanrjb’s InventoryManagementSystem 1.0, specifically the UserDAO.java component. It is a SQL injection flaw that allows attackers to execute arbitrary SQL commands through input parameters such as users and pass, enabling unauthorized access or manipulat...
CVE-2022-36257
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc...
CVE-2022-36255
The CVE-2022-36255 entry concerns a SQL injection in sazanrjb’s InventoryManagementSystem 1.0, specifically in SupplierDAO.java where the vulnerability can be triggered via input parameters such as searchTxt. The affected software/component is the InventoryManagementSystem (sa zanrjb) version 1.0...
CVE-2022-35599
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode...
CVE-2022-35601
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...
CVE-2022-35602
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user...
Sql injection
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter 'searchTxt'...
Sql injection
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user...
CVE-2022-35606
The CVE-2022-35606 entry concerns a SQL injection in sazanrjb InventoryManagementSystem 1.0, specifically in CustomerDAO.java via the customerCode parameter. Multiple sources (NVD, Red Hat, CNA/CVELIST, CNNVD, PRION, PT-Security) confirm a vulnerability in the InventoryManagementSystem where an a...
CVE-2022-35602
CVE-2022-35602 is a SQL injection vulnerability affecting sazanrjb InventoryManagementSystem 1.0, in UserDAO.java, allowing an attacker to execute arbitrary SQL commands via the user parameter. Multiple sources (NVD, Red Hat, CVE lists) confirm the issue; CVSS v3.1 score is 9.8 (CRITICAL), with n...
CVE-2022-35602
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user...
CVE-2022-35601
CVE-2022-35601 is a SQL injection vulnerability in the sazanrjb InventoryManagementSystem 1.0, located in SupplierDAO.java where the vulnerable parameter is searchTxt. The issue allows attackers to execute arbitrary SQL commands via that parameter. Public sources (NVD and related records) confirm...
CVE-2022-35598
CVE-2022-35598 affects InventoryManagementSystem 1.0 (sazanrjb). The vulnerability is a SQL injection in ConnectionFactoryDAO.java that allows an attacker to execute arbitrary SQL commands through the username parameter. This is supported by multiple sources (NVD entry for CVE-2022-35598 with CVS...
CVE-2022-35604
CVE-2022-35604 is a duplicate of CVE-2022-35601. Connected documents provide concrete details for 35601: a SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 that allows attackers to execute arbitrary SQL commands via the parameter searchTxt. Affected softwa...