Lucene search

[email protected]CVE-2022-3472

HistoryOct 13, 2022 - 4:15 a.m.

CVE-2022-3472

2022-10-1304:15:10

CWE-89

CWE-707

[email protected]

web.nvd.nist.gov

cve-2022-3472

sourcecodester

human resource management system

sql injection

city.php

vdb-210716

nvd

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716.

Affected configurations

NVD

Node

oretnom23human_resource_management_systemMatch-

CPENameOperatorVersion
oretnom23:human_resource_management_systemoretnom23 human resource management systemeq-

CPE	Name	Operator	Version
oretnom23:human_resource_management_system	oretnom23 human resource management system	eq	-

CNA Affected

[
  {
    "vendor": "SourceCodester",
    "product": "Human Resource Management System",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20cityedit%20parameter%20is%20injected.pdf

vuldb.com/?id.210716

Social References