Lucene search

MitreCVE-2022-47859

HistoryJan 11, 2023 - 3:15 p.m.

CVE-2022-47859

2023-01-1115:15:09

CWE-89

mitre

web.nvd.nist.gov

cve-2022-47859

lead management system

sql injection

changepassword.php

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.3%

JSON

Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.

Affected configurations

Nvd

Node

lead_management_system_projectlead_management_systemMatch1.0

VendorProductVersionCPE
lead_management_system_projectlead_management_system1.0cpe:2.3:a:lead_management_system_project:lead_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lead_management_system_project	lead_management_system	1.0	cpe:2.3:a:lead_management_system_project:lead_management_system:1.0:::::::*

References

github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20changePassword.php.md

www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.3%

JSON

Related for CVE-2022-47859