CVE-2022-36594: Mapper v4.0.0 to v4.2.0 had a SQL injection vulnerability.

A successful exploit could cause a denial-of-service condition or install malicious code on the application server. Mapper v4.0.0 to v4.2.0 was discovered to have a Denial of Service vulnerability due to a lack of input validation on crafted parameters.

Mapper v4.0.0 to v4.2.0 was discovered to have a Cross-site Scripting vulnerability via the uid parameter at the user_id action.

Mapper v4.0.0 to v4.2.0 was discovered to have a SQL injection vulnerability via the ids parameter at the selectByIds function.

Mapper v4.0.0 to v4.2.0 was discovered to have a SQL injection vulnerability via the id parameter at the selectByIds function.

Mapper v4.0.0 to v4.2.0 was discovered to

Mapper v4.2.0 to v4.2.1 was released to resolve the SQL injection vulnerability.


Mapper v4.2.0 to v4.2.1 was released to resolve the SQL injection vulnerability via the ids parameter at the selectByIds function.

Mapper v4.2.0 to v5.0.0

A successful exploit could cause a denial-of-service condition or install malicious code on the application server. Mapper v4.2.0 to v5.0.0 was discovered to have a Denial of Service vulnerability due to a lack of input validation on crafted parameters.
Mapper v4.2.0 to v5.0.0 was discovered to have a Cross-site Scripting vulnerability via the uid parameter at the user_id action, a SQL injection vulnerability via the ids parameter at the selectByIds function, and a SQL injection vulnerability via the id parameter at the selectByIds function.

Timeline

Published on: 09/02/2022 04:15:00 UTC
Last modified on: 09/02/2022 21:45:00 UTC
