Lucene search

VulDBCVELIST:CVE-2022-2700

HistoryAug 08, 2022 - 12:25 p.m.

CVE-2022-2700 SourceCodester Gym Management System GET Parameter sql injection

2022-08-0812:25:56

CWE-89

VulDB

www.cve.org

vulnerability

sourcecodester

gym management system

get parameter

sql injection

remote attack

exploit

public disclosure

vdb-205821

critical.

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

41.1%

JSON

A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument day leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205821 was assigned to this vulnerability.

CNA Affected

[
  {
    "product": "Gym Management System",
    "vendor": "SourceCodester",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

github.com/gdianq/Gym-Management-System-Sqlinjection/blob/main/README.md

vuldb.com/?id.205821