aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-6794-35928-1.html | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2023-01-03T00:00:00
Updated: 2023-01-03T00:00:00
Reserved: 2022-08-30T00:00:00
Link: CVE-2022-39041
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-01-03T03:15:09.800
Modified: 2023-01-10T02:19:43.613
Link: CVE-2022-39041
JSON object: View
Redhat Information
No data.
CWE