Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35606 | PUBLISHED: 2022-08-18
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'

CVE-2022-35598 | PUBLISHED: 2022-08-18
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.

CVE-2022-35599 | PUBLISHED: 2022-08-18
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.

CVE-2022-35601 | PUBLISHED: 2022-08-18
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.

CVE-2022-35602 | PUBLISHED: 2022-08-18
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.

User Rank: Strategist
11/22/2013 | 2:43:40 PM
Any Internet company would have started with a website where people signed up to get a notification when the live site was available, and invitations would then be metered out to those people to try it before it went live to any larger group. That kind of slow roll out could have identified scalability problems early and minimized security issues.