CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.

An attacker requires an account on the SmartVista SVFE2. An attacker can use a quote character to break query string and inject sql payload to "UserForm:j\_id90" parameter (Description) in /SVFE2/pages/feegroups/tgrt\_group.jsf. Response data could help an attacker identify whether an injected SQL query is correct or not.

Headline

CVE-2022-38616: SQL Injection in Terminal Tariff Group feature of SmartVista SVFE2 version 2.2.22 (CVE-2022-38616)

CVE: Latest News