Vulnerability Details CVE-2022-30335
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://gist.github.com/aliceicl/b2f25f3a0a3ba9973e4977f922d04008
- https://incognitolab.com
- https://www.wealth.co.th/products/bonanza-wealth-management/
- https://gist.github.com/aliceicl/b2f25f3a0a3ba9973e4977f922d04008
- https://incognitolab.com
- https://www.wealth.co.th/products/bonanza-wealth-management/
Products affected by CVE-2022-30335
-
cpe:2.3:a:wealth:bonanza_wealth_management_system:7.3.2