CVE-2022-34324 Information

Description

Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies Payment Order and Transfer History.

Reference

https://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_sqli_1.pdf