SQL Injection Vulnerability in Simple Subscription Website v1.0 Allows Database Dump via Crafted HTTP Requests

CVE-2022-26285 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
