Lucene search

TR-CERTCVELIST:CVE-2022-2807

HistoryNov 25, 2022 - 12:00 a.m.

CVE-2022-2807 SQL Injection in Prens Student Information System

2022-11-2500:00:00

CWE-89

TR-CERT

www.cve.org

cve-2022-2807

sql injection

algan software

prens student information system

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.7%

JSON

SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before 2.1.11.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Prens Student Information System",
    "vendor": "Algan Software",
    "versions": [
      {
        "lessThan": "2.1.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-22-0708

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.7%

JSON

Related for CVELIST:CVE-2022-2807