Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Public Reference for CVE-2022-36259

Product: InvetoryManagementSystem


Affected Version(s): 1.0

CVE ID: CVE-2022-36259

Description: A SQL injection vulnerability in in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.

Vulnerability Type: SQL injection

Root Cause: Multiple methods and their parameters such as checkLogin(String username,String password, String user) in source file do not have user input sanitiazation.

Impact: An attacker is able to extract sensitive data from the database.


  1. Set value of parameter "username" as '--.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment