CVE-2022-36259 Information

Description

A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as �sername\ \password\ etc.

Reference

https://github.com/sazanrjb/InventoryManagementSystem https://gist.github.com/ziyishen97/47666f584cd4cdad1d0f6af5f33a56db https://github.com/sazanrjb/InventoryManagementSystem/issues/14