A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.
References
Link | Resource |
---|---|
https://github.com/draco1725/sqlinj/blob/main/poc | Exploit Third Party Advisory |
https://github.com/draco1725/sqlinj/blob/main/poc | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/draco1725/sqlinj/blob/main/poc - Exploit, Third Party Advisory |
19 Oct 2022, 15:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/draco1725/sqlinj/blob/main/poc - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:merchandise_online_store_project:merchandise_online_store:1.0:*:*:*:*:*:*:* | |
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
17 Oct 2022, 14:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-17 14:15
Updated : 2025-05-10 03:15
NVD link : CVE-2022-42237
Mitre link : CVE-2022-42237
CVE.ORG link : CVE-2022-42237
JSON object : View
Products Affected
merchandise_online_store_project
- merchandise_online_store
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')