Lucene search

[email protected]CVE-2022-37138

HistorySep 14, 2022 - 11:15 a.m.

CVE-2022-37138

2022-09-1411:15:50

CWE-89

[email protected]

web.nvd.nist.gov

cve-2022-37138

loan management system

sql injection

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form.

Affected configurations

NVD

Node

loan_management_system_projectloan_management_systemMatch1.0

CPENameOperatorVersion
loan_management_system_project:loan_management_systemloan management system project loan management systemeq1.0

CPE	Name	Operator	Version
loan_management_system_project:loan_management_system	loan management system project loan management system	eq	1.0

References

github.com/saitamang/POC-DUMP/blob/main/Loan%20Management%20System/README.md

www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

Related for CVE-2022-37138

prion1 nvd1 cvelist1