Filtered by vendor Softinventive Subscriptions
Filtered by product Network Olympus Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-25225 1 Softinventive 1 Network Olympus 2024-11-21 7.2 High
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.