Lucene search

[email protected]NVD:CVE-2022-37185

HistorySep 06, 2022 - 8:15 p.m.

CVE-2022-37185

2022-09-0620:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2022-37185

sql injection

thai basic education commission

data leakage

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

54.2%

JSON

SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage.

Affected configurations

Nvd

Node

ems_projectemsMatch6.2

VendorProductVersionCPE
ems_projectems6.2cpe:2.3:a:ems_project:ems:6.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ems_project	ems	6.2	cpe:2.3:a:ems_project:ems:6.2:::::::*

References

eme1.obec.go.th

eme1.obec.go.th/~eme62/repschoolproj.php?claster=school&idarea=648

exchange.xforce.ibmcloud.com/vulnerabilities/235480

github.com/00xdF/emes/blob/main/readme.md

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

54.2%

JSON

Related for NVD:CVE-2022-37185

cve1 cvelist1 prion1