PT-2022-20069 · Microsoft · Sql Server

Pornsook Kornkitichai · Published 2022-05-09 · Updated 2022-05-17 · CVE-2022-30335

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Bonanza Wealth Management System (BWM) version 7.3.2

Description: The login form of BWM 7.3.2 is vulnerable to SQL injection. The value of the User Name textbox is placed into a query against the application's Microsoft SQL Server backend without sanitization or parameter binding, so a remote attacker who needs no valid account can submit a SQL injection payload in that field and read the stored credentials of every user from the database. The passwords come back in the encrypted form in which the application stores them; how easily they can be recovered depends on that storage scheme, which the advisory does not describe. Because the injection point is the login form itself, the attack surface is reachable by anyone who can reach the application.

Recommendations: At the moment there is no information about a newer version that contains a fix. Until the vendor publishes a patch, the practical options are to limit exposure and to reduce what a successful injection can reach. Restrict who can reach the BWM login form (VPN, IP allow-listing), or take the form offline entirely if the business can tolerate the outage, since the flaw is exploitable without credentials. Put a web application firewall with SQL injection rules in front of the application as a compensating control, not as the fix. Restrict network access to the Microsoft SQL Server component so that only the application server can connect, and make sure the database login the application uses has only the rights it needs on its own tables (no sysadmin role, xp_cmdshell disabled), so that an injection cannot be escalated to command execution on the database host. Review web server and SQL Server logs for login requests whose User Name field contains quote characters, UNION SELECT, or comment sequences such as --. Because stored passwords may already have been exposed, plan a forced password reset once a fixed version is deployed, and confirm that the application stores passwords as salted hashes rather than reversible ciphertext. If you have access to the application source, replace string concatenation in the login query with a parameterized query; that is the only change that actually removes the vulnerability.
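The following is an added example, not code from the BWM application or its vendor, written to make the description and the recommendation above concrete. It shows a login check that concatenates the User Name field into the SQL string, the kind of UNION payload that pulls the whole password column out through it, and the same check rewritten with bound parameters. SQLite stands in for the Microsoft SQL Server backend so the script runs offline; the table name, column names and the sample rows are constructed, and the payloads use only syntax shared by both dialects (single-quote string termination, UNION SELECT, and the -- line comment).

```python
"""Added example: SQL injection through a login form, vulnerable and fixed.

SQLite stands in for the Microsoft SQL Server backend so this runs offline.
All data below is constructed; the schema is an assumption, not BWM's.
"""
import sqlite3

# Constructed users table. The password column holds the application's
# "encrypted" representation; the values here are made-up placeholders.
SEED = [
    ("alice", "ENC:9f3a1c7e"),
    ("bob", "ENC:77e0b2d4"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", SEED)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by concatenating the textbox values into the SQL.
    The attacker controls the statement text, so they decide not only whether
    the check passes but also which rows the database hands back."""
    sql = (
        "SELECT username, password FROM users "
        "WHERE username = '" + username + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_fixed(conn, username, password):
    """Same check with bound parameters. The driver sends the values separately
    from the statement, so quotes and keywords in the User Name field are
    compared as data and cannot alter the query."""
    sql = "SELECT username, password FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Payloads of the kind the advisory describes, typed into the User Name textbox.
# The trailing -- comments out the rest of the WHERE clause, so the password
# field can hold anything.
DUMP_PAYLOAD = "x' UNION SELECT username, password FROM users --"
BYPASS_PAYLOAD = "' OR '1'='1' --"


def run_demo():
    """Runs a normal login plus both payloads against both implementations
    and returns the rows each call produced."""
    conn = make_db()
    return {
        # legitimate user, legitimate stored value: both implementations agree
        "normal": login_vulnerable(conn, "alice", "ENC:9f3a1c7e"),
        # UNION payload: the concatenated query returns every username/password pair
        "vulnerable_dump": login_vulnerable(conn, DUMP_PAYLOAD, "irrelevant"),
        # tautology payload: the WHERE clause becomes always-true
        "vulnerable_bypass": login_vulnerable(conn, BYPASS_PAYLOAD, "irrelevant"),
        # the same payloads are just unmatched usernames once parameters are bound
        "fixed_dump": login_fixed(conn, DUMP_PAYLOAD, "irrelevant"),
        "fixed_bypass": login_fixed(conn, BYPASS_PAYLOAD, "irrelevant"),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name}: {rows}")
```

The point of the comparison is that the fix is not input filtering: the parameterized version passes the identical payload strings through unchanged and simply fails to find a user with that name, which is exactly the behaviour the login form should have had.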

Weakness Enumeration

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Related Identifiers

CVE-2022-30335

Affected Products

Bonanza Wealth Management System (BWM) version 7.3.2; backend component: Microsoft SQL Server