Lucene search

[email protected]NVD:CVE-2022-2656

HistoryAug 04, 2022 - 1:15 p.m.

CVE-2022-2656

2022-08-0413:15:08

CWE-89

[email protected]

web.nvd.nist.gov

vulnerability

sourcecodester

hotel management software

sql injection

remote attack

cve-2022-2656

vdb-205596

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.0%

JSON

A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596.

Affected configurations

Nvd

Node

multi_language_hotel_management_software_projectmulti_language_hotel_management_softwareMatch-

VendorProductVersionCPE
multi_language_hotel_management_software_projectmulti_language_hotel_management_software-cpe:2.3:a:multi_language_hotel_management_software_project:multi_language_hotel_management_software:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
multi_language_hotel_management_software_project	multi_language_hotel_management_software	-	cpe:2.3:a:multi_language_hotel_management_software_project:multi_language_hotel_management_software:-:::::::*

References

github.com/gdianq/Sparkz-Hotel-Management-loginpage-Sqlinjection/blob/main/README.md

vuldb.com/?id.205596

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.0%

JSON

Related for NVD:CVE-2022-2656

cve1 prion1 cvelist1