Vulnerability CVE-2022-44015


Published: 2022-12-25

Description:
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.

See advisories in our WLB2 database:
Topic
Author
Date
High
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
Steffen Robertz
15.11.2022

 References:
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/

Copyright 2024, cxsecurity.com

 

Back to Top