Lucene search

[email protected]CVE-2022-40049

HistoryJan 06, 2023 - 3:15 a.m.

CVE-2022-40049

2023-01-0603:15:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2022-40049

sql injection

sourcecodester

theme park ticketing system

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page.

Affected configurations

NVD

Node

theme_park_ticketing_system_projecttheme_park_ticketing_systemMatch1.0

CPENameOperatorVersion
theme_park_ticketing_system_project:theme_park_ticketing_systemtheme park ticketing system project theme park ticketing systemeq1.0

CPE	Name	Operator	Version
theme_park_ticketing_system_project:theme_park_ticketing_system	theme park ticketing system project theme park ticketing system	eq	1.0

References

github.com/Manba6/Bug_report/blob/main/vendors/oretnom23/theme-park-ticketing-system/SQLi-1.md

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

Related for CVE-2022-40049

prion1 nvd1 cvelist1