CVE-2022-28132

May 14, 2024, 9:15 p.m.

None
No Score

Description

The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data.

Product(s) Impacted

Product Versions
T-Soft E-Commerce
  • ['4']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://www.exploit-db.com/exploits/50939

Tags

cve@mitre.org
2024-05-14
CVE-2022-28132

Timeline

Published: May 14, 2024, 9:15 p.m.
Last Modified: May 14, 2024, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.