CVE-2022-39041

aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6794-35928-1.html Third Party Advisory VDB Entry
https://www.twcert.org.tw/tw/cp-132-6794-35928-1.html Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aenrich:a\+hrd:6.8:*:*:*:*:*:*:*
cpe:2.3:a:aenrich:a\+hrd:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:17

Type Values Removed Values Added
Summary
  • (es) aEnrich a+HRD tiene una validación de entrada de usuario insuficiente para un parámetro de API específico. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para inyectar comandos SQL arbitrarios para acceder, modificar y eliminar la base de datos.
References () https://www.twcert.org.tw/tw/cp-132-6794-35928-1.html - Third Party Advisory, VDB Entry () https://www.twcert.org.tw/tw/cp-132-6794-35928-1.html - Third Party Advisory, VDB Entry

Information

Published : 2023-01-03 03:15

Updated : 2024-11-21 07:17


NVD link : CVE-2022-39041

Mitre link : CVE-2022-39041

CVE.ORG link : CVE-2022-39041


JSON object : View

Products Affected

aenrich

  • a\+hrd
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')