PT-2024-11546 · Tg Soft · T-Soft E-Commerce 4
Alperen Ergel
·
Published
2024-05-14
·
Updated
2024-08-23
·
CVE-2022-28132
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
T-Soft E-Commerce 4 (affected versions not specified)
Description
The T-Soft E-Commerce 4 web application is susceptible to SQL injection attacks when authenticated as an admin or privileged user. This issue allows attackers to access and manipulate the database through crafted requests, bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
T-Soft E-Commerce 4