Vulnerability Details CVE-2022-35598
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.0%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-35598
-
cpe:2.3:a:inventorymanagementsystem_project:inventorymanagementsystem:1.0