aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-6794-35928-1.html | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2023-01-03 03:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-39041
Mitre link : CVE-2022-39041
CVE.ORG link : CVE-2022-39041
JSON object : View
Products Affected
aenrich
- a\+hrd
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')