CVE-2022-28132

{"id": "CVE-2022-28132", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-05-14T21:15:11.760", "references": [{"url": "https://www.exploit-db.com/exploits/50939", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/50939", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data."}, {"lang": "es", "value": "La aplicaci\u00f3n web T-Soft E-Commerce 4 es susceptible a ataques de inyecci\u00f3n SQL (SQLi) cuando se autentica como administrador o usuario privilegiado. Esta vulnerabilidad permite a los atacantes acceder y manipular la base de datos mediante solicitudes manipuladas. Al explotar esta falla, los atacantes pueden eludir los mecanismos de autenticaci\u00f3n, ver informaci\u00f3n confidencial almacenada en la base de datos y potencialmente filtrar datos."}], "lastModified": "2024-11-21T06:56:48.713", "sourceIdentifier": "[email protected]"}