CVE-2022-36255

HIGH

sazanrjb InventoryManagementSystem 1.0 - SQL Injection

Title source: llm
STIX 2.1

Description

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".

References (3)

Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/sazanrjb/InventoryManagementSystem/issues/14
Product, Third Party Advisory x_refsource_misc
https://github.com/sazanrjb/InventoryManagementSystem
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/ziyishen97/268678bca3034c64861b135946ee9fc3

Scores

CVSS v3 7.5
EPSS 0.0076
EPSS Percentile 50.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
inventorymanagementsystem_project/inventorymanagementsystem 1.0
Published Sep 12, 2022
Tracked Since Feb 18, 2026