CVE-2022-25222

2022-03-2319:46:12

Fluid Attacks

www.cve.org

money transfer system

sql injection

vulnerability

AI Score

9.9

Confidence

High

EPSS

0.003

Percentile

71.0%

JSON

Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in ‘admin/maintenance/manage_branch.php’ and ‘admin/maintenance/manage_fee.php’ via the ‘id’ parameter.

CNA Affected

[
  {
    "product": "Money Transfer Management System",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

fluidattacks.com/advisories/berry/