Lucene search

MitreCVE-2022-40347

HistoryFeb 17, 2023 - 1:15 p.m.

CVE-2022-40347

2023-02-1713:15:10

CWE-89

mitre

web.nvd.nist.gov

cve-2022-40347

sql injection

intern record system

arbitrary code execution

sensitive information

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

65.3%

JSON

SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in ‘phone’, ‘email’, ‘deptType’ and ‘name’ parameters, allows attackers to execute arbitrary code and gain sensitive information.

Affected configurations

Nvd

Node

intern_record_system_projectintern_record_systemMatch1.0

VendorProductVersionCPE
intern_record_system_projectintern_record_system1.0cpe:2.3:a:intern_record_system_project:intern_record_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intern_record_system_project	intern_record_system	1.0	cpe:2.3:a:intern_record_system_project:intern_record_system:1.0:::::::*

References

packetstormsecurity.com/files/171740/Intern-Record-System-1.0-SQL-Injection.html

code-projects.org/intern-record-system-in-php-with-source-code/

download-media.code-projects.org/2020/03/Intern_Record_System_In_PHP_With_Source_Code.zip

github.com/h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

65.3%

JSON

Related for CVE-2022-40347