Lucene search

VulDBCVELIST:CVE-2022-2467

HistoryJul 19, 2022 - 9:30 a.m.

CVE-2022-2467 SourceCodester Garage Management System login.php sql injection

2022-07-1909:30:16

CWE-89

VulDB

www.cve.org

cve-2022-2467

sql injection

remote attack

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

0.04

Percentile

92.1%

JSON

A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input [email protected]’ AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND ‘hsvT’='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CNA Affected

[
  {
    "product": "Garage Management System",
    "vendor": "SourceCodester",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md

vuldb.com/?id.204160

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

0.04

Percentile

92.1%

JSON

Related for CVELIST:CVE-2022-2467