Lucene search
PRIOn knowledge basePRION:CVE-2022-44014HistoryDec 25, 2022 - 5:15 a.m.
Design/Logic Flaw
2022-12-2505:15:00
PRIOn knowledge base
www.prio-n.com
1
simmeth lieferantenmanager
api design
arbitrary sql tables
user passwords
mssql hashes
data leakage
An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab.
| CPE | Name | Operator | Version |
|---|---|---|---|
| lieferantenmanager | lt | 5.6 |
Related
nvd
nvd
CVE-2022-44014
2022-12-25 05:15:10
cve
cve
CVE-2022-44014
2022-12-25 05:15:10
cnvd
cnvd
Simmeth System Supplier Manager Design Error Vulnerability
2022-11-21 00:00:00
cvelist
cvelist
CVE-2022-44014
2022-12-25 00:00:00
zdt
zdt
packetstorm
packetstorm
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
2022-11-15 00:00:00