CVE-2022-28132
CVE-2022-28132
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.2EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
14 mai 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/aReferências
https://www.exploit-db.com/exploits/50939