CVE-2022-28132 The CVE I received for the SQL injection vulnerability I found in the T-Soft e-commerce content management system and the PoC I shared in the exploit-db Exploit-DB wwwexploit-dbcom/exploits/50939
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows malicious users to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data.