2 matches found
CVE-2022-30496
CVE-2022-30496 describes an SQL injection on the login page of MV Informática IDCE MV (version 1.0). The flaw arises in the user field, enabling an attacker to inject SQL payloads and connect to the underlying database to access enterprise‑level private and sensitive information. The provided con...
CVE-2020-23284
The CVE-2020-23284 entry concerns the MV IDCE application v1.0, where information disclosure can occur via crafted ASPX pages appended to the end of the URL, enabling access to internal/sensitive data without logging in. The description indicates the flaw affects end-to-end URL handling that inte...