CRITICAL🇵🇱 Wersja polska

CVE-2022-39041

CVSS 9.8v3.1pub. 2023-01-03upd. 2024-11-21

aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Aenrich A\+hrd

    APP
    Aenrich
    6.87.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-12871CRITICAL9.3PL ✓ten sam produkt

Aenrich A+HRD – obejście uwierzytelnienia przez fałszywe tokeny administratora

CVE-2025-12870CRITICAL9.3PL ✓ten sam produkt

Authentication Abuse w aEnrich a+HRD — przejęcie tokenu administratora

CVE-2025-0585CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Aenrich A+HRD — nieuwierzytelniony zdalny dostęp do bazy danych

CVE-2023-20853CRITICAL9.8ten sam produkt

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronize...

CVE-2023-20852CRITICAL9.8ten sam produkt

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter....