CVE-2022-35606

Name of the Vulnerable Software and Affected Versions sazanrjb InventoryManagementSystem version 1.0

Description A SQL injection issue allows attackers to execute arbitrary SQL commands via the parameter customerCode in CustomerDAO.java. This enables unauthorized access and manipulation of database content.

Recommendations For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the customerCode parameter to minimize the risk of exploitation. As a temporary workaround, restrict the use of the vulnerable CustomerDAO.java component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.