Authentication Bypass via SQL Injection in Directory Management System v1.0

Authentication Bypass via SQL Injection in Directory Management System v1.0

CVE-2022-29006 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.