SQL Injection Vulnerability in Bonanza Wealth Management System (BWM) 7.3.2 Login Form

CVE-2022-30335 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. A user who supplies a SQL injection payload in the User Name textbox could collect all passwords, in encrypted format, from the Microsoft SQL Server component.
