CVE-2022-2706

🗓️ 08 Aug 2022 12:50:37Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 57 Views🌐 WEB

A critical vulnerability in SourceCodester Online Class and Exam Scheduling System 1.0 allows remote attackers to conduct SQL injection via the class_sched.php file

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2022-2706	8 Aug 202216:23	–	circl
CNNVD	Online Class and Exam Scheduling System SQL注入漏洞	8 Aug 202200:00	–	cnnvd
Cvelist	CVE-2022-2706 SourceCodester Online Class and Exam Scheduling System class_sched.php sql injection	8 Aug 202212:50	–	cvelist
EUVD	EUVD-2022-34951	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2706	8 Aug 202213:15	–	nvd
OSV	CVE-2022-2706	8 Aug 202213:15	–	osv
Prion	Sql injection	8 Aug 202213:15	–	prion
Positive Technologies	PT-2022-18198 · Unknown · Sourcecodester Online Class/Exam Scheduling System	8 Aug 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-2706	23 May 202501:01	–	redhatcve
Vulnrichment	CVE-2022-2706 SourceCodester Online Class and Exam Scheduling System class_sched.php sql injection	8 Aug 202212:50	–	vulnrichment

NVD

Vulners

Node

fabian online_class_and_exam_scheduling_systemMatch1.0

[
  {
    "product": "Online Class and Exam Scheduling System",
    "vendor": "SourceCodester",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
class	query param	/pages/class_sched.php	SQL injection via vulnerable class parameter leading to remote code/database access (CVE-2022-2706, CWE-89).	CWE-89

12 Dec 2024 15:58Current

9.8High risk

Vulners AI Score9.8

CVSS 3.16.3 - 9.8

EPSS0.00245

SSVC

CWE-89