CVE-2022-30496

SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information.
References
Link Resource
https://www.linkedin.com/pulse/sql-injection-idce-mv-iran-macedo/ Exploit Technical Description Third Party Advisory
https://github.com/ifmacedo/mconnect/blob/main/IDCE-SQLi Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:mv:idce:1.0:*:*:*:*:*:*:*

Information

Published : 2022-06-02 07:15

Updated : 2022-06-10 12:37


NVD link : CVE-2022-30496

Mitre link : CVE-2022-30496


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

mv

  • idce