Skip to content
/ CVE-2022-27434 Public

UNIT4 TETA Mobile Edition 29HF13 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

LongWayHomie/CVE-2022-27434

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 

Repository files navigation

CVE-2022-27434

UNIT4 TETA Mobile Edition 29HF13 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.

The vulnerability exist in the error page generated by the application (in this case: while changing password). Adding quotation mark to the ProfileName parameter will generate Oracle database error, meaning that the input is not being sanitized.

Request

sqli_req_marked

Response

sqli_resp_marked

Remediation

The vulnerability already has been reported to the UNIT4 via their service portal. The patch is already available to download (29.5.HF17).

About

UNIT4 TETA Mobile Edition 29HF13 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published