China National Vulnerability DatabaseCNVD-2022-74074Online Diagnostic Lab Management System SQL Injection Vulnerability
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Online Diagnostic Lab Management System is an online diagnostic lab management system that provides a variety of diagnostic tasks online. online Diagnostic Lab Management System is vulnerable to SQL injection in version v1.0. The vulnerability stems from the affected version not properly filtering user parameters. A SQL injection vulnerability was discovered in Online Diagnostic Lab Management System containing a SQL injection vulnerability via the id parameter /odlms/classes/Master.php?f=delete_message. An attacker could use this vulnerability to launch a targeted attack against a target and compromise the site system security.
| CPE | Name | Operator | Version |
|---|---|---|---|
| online diagnostic lab management system online diagnostic lab management system v | eq | 1.0 |
Related
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H