CVE-2022-36276

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database...

TCMAN GIM SQL Injection Vulnerability

TCMAN GIM is a CMMS from TCMAN that can be used in a variety of areas: industry, facilities, healthcare, fleet and maintenance services. A SQL injection vulnerability exists in TCMAN GIM v8.0.1, which can be exploited by remote attackers to interact directly with the database via the SqlWhere...

SQL Injection

net.mingsoft, ms-mcms is vulnerable to SQL injection. The vulnerability exists due to improper sanitization in the get function of categoryaction.java due to manipulation in the argument sqlWhere, via the /cms/category/list endpoint...

Mingsoft MCMS SQL注入漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A SQL injection vulnerability exists in MingSoft MCMS versions prior to 5.2.9, which stems from incorrect manipulation of the parameter sqlWhere resulting in sql injection...