CVE-2022-25225
Network Olympus 1.8.0 is vulnerable to SQL injection in the /api/eventinstance endpoint via the sqlparameter JSON field, exploitable by an authenticated admin. The issue can also lead to remote code execution in a default PostgreSQL installation. Root cause: lack of input validation/parameter han...