CVE-2022-28132
HIGHT-Soft E-Commerce 4 - SQL Injection
Title source: llmDescription
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data.
Exploits (1)
exploitdb
WORKING POC
by Alperen Ergel · textwebappsmultiple
https://www.exploit-db.com/exploits/50939
Scores
CVSS v3
7.2
EPSS
0.0006
EPSS Percentile
18.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Published
May 14, 2024
Tracked Since
Feb 18, 2026