Lucene search

[email protected]CVE-2022-3471

HistoryOct 13, 2022 - 4:15 a.m.

CVE-2022-3471

2022-10-1304:15:10

CWE-707

CWE-89

[email protected]

web.nvd.nist.gov

cve-2022-3471

vulnerability

sourcecodester

human resource management system

sql injection

city.php

remote attack

vdb-210715

nvd

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715.

Affected configurations

NVD

Node

oretnom23human_resource_management_systemMatch-

CPENameOperatorVersion
oretnom23:human_resource_management_systemoretnom23 human resource management systemeq-

CPE	Name	Operator	Version
oretnom23:human_resource_management_system	oretnom23 human resource management system	eq	-

CNA Affected

[
  {
    "vendor": "SourceCodester",
    "product": "Human Resource Management System",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20searccity%20parameter%20is%20injected.pdf

vuldb.com/?id.210715

Social References