CVE-2022-39041

aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6794-35928-1.html Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aenrich:a\+hrd:6.8:*:*:*:*:*:*:*
cpe:2.3:a:aenrich:a\+hrd:7.0:*:*:*:*:*:*:*

Information

Published : 2023-01-02 19:15

Updated : 2023-01-09 18:19


NVD link : CVE-2022-39041

Mitre link : CVE-2022-39041


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

aenrich

  • a\+hrd