Successful exploitation of this vulnerability allows remote threat actors to read, delete, modify data in the database and gain full control over the affected application. As a result, a remote user can run arbitrary SQL commands in the application database by sending a specially crafted request to the affected application. The SQL Injection vulnerability with code CVE-2022-36961 is caused by insufficient cleaning of user-supplied data.In the Solarwinds Orion platform, which is an IT management and monitoring solution, two critical security vulnerabilities have been identified that may cause threat actors to access sensitive/critical data and execute code on the vulnerable system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |