Lucene search

[email protected]CVE-2022-29009

HistoryMay 11, 2022 - 2:15 p.m.

CVE-2022-29009

2022-05-1114:15:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2022-29009

sql injection

admin panel

cyber cafe management system

authentication bypass

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.134 Low

EPSS

Percentile

95.6%

JSON

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.

Affected configurations

NVD

Node

phpgurukulcyber_cafe_management_systemMatch1.0

CPENameOperatorVersion
phpgurukul:cyber_cafe_management_systemphpgurukul cyber cafe management systemeq1.0

CPE	Name	Operator	Version
phpgurukul:cyber_cafe_management_system	phpgurukul cyber cafe management system	eq	1.0

References

github.com/sudoninja-noob/CVE-2022-29009/blob/main/CVE-2022-29009.txt

www.exploit-db.com/exploits/50355

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.134 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2022-29009

cvelist1 nvd1 prion1 cnvd1 nuclei1