Weitong Mall OrderDao.xml sql injection
CVE-2022-4961

5.5MEDIUM

Key Information:

Vendor

Weitong

Status
Mall
Vendor
CVE Published:
12 January 2024

What is CVE-2022-4961?

A vulnerability exists in Weitong Mall version 1.0.0, associated with an unknown functionality within the OrderDao.xml file. This flaw allows for SQL injection attacks, which can lead to unauthorized access to databases, manipulation of data, and potential data breaches. The vulnerability arises from improper handling of inputs in the argument sidx/order. Attackers exploiting this vulnerability could execute arbitrary SQL queries, compromising the security and integrity of the application. To mitigate this risk, it is essential to validate user inputs and employ prepared statements in database interactions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mall 1.0.0

References

https://vuldb.com/?id.250243
vdb-entrytechnical-description
https://vuldb.com/?ctiid.250243
signaturepermissions-required
https://gitee.com/fuyang_lipengjun/platform/issues/I5XC79
issue-tracking

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

puppy (VulDB User)
JSON
.