China National Vulnerability Database (CNVD): CNVD-2023-22648
History: Nov 21, 2022 - 12:00 a.m.

Simmeth System Supplier Manager SQL Injection Vulnerability

2022-11-21 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
simmeth system supplier manager
sql injection
vulnerability
germany
supply chain software
exploited
mssql server
xp_cmdshell

EPSS

0.003

Percentile

70.3%

Simmeth System Supplier Manager is supply chain software from Simmeth System GmbH, Germany. A SQL injection vulnerability exists in Simmeth System GmbH Supplier Manager versions prior to 5.6. The vulnerability stems from the application's lack of validation of externally supplied SQL statements. An attacker could exploit it to inject raw SQL queries and execute arbitrary commands on the MSSQL server via the xp_cmdshell extended stored procedure.
