CVE-2022-35864

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.

Related Vulnerabilities

CVE-2017-16733

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information f...

CWE-892017

CVE-2017-16735

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

CWE-892017

CVE-2018-17542

MEDIUM
CVSS:5.3(Medium)

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter ...

CWE-892018

CVE-2018-5443

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.

CWE-892018

CVE-2019-14430

MEDIUM
CVSS:5.3(Medium)

plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.

CWE-892019

CVE-2019-3797

MEDIUM
CVSS:5.3(Medium)

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more resul...

CWE-892019