SourceCodester Microfinance Management System 1.0 Login Page /mims/login.php username/password SQL injection
A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects unspecified processing in the file /mims/login.php of the component Login Page. The manipulation of the argument username/password with the input '||1=1# leads to SQL injection. The CWE definition for the vulnerability is CWE-89. The weakness was released 03/24/2022.
This vulnerability is identified as CVE-2022-1082. The attack may be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The price for an exploit might be around USD $0-$5k at the moment. The MITRE ATT&CK project uses the attack technique T1505 for this issue.
The exploit is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k.
A possible mitigation was published before the disclosure of the vulnerability, not only after it.
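
The page does not show the code of /mims/login.php. The following added example, which is not the project's code and not the published mitigation mentioned above, shows the query-building pattern that lets the input '||1=1# described above change a MySQL login query, next to a prepared-statement form that treats the same input as data. It assumes an open mysqli connection; the table users, its columns, and both function names are hypothetical.

```php
<?php
// Added illustration; NOT the source of /mims/login.php (the page does not show it).
// Table `users`, columns `username`/`password`/`password_hash`, and both function
// names are hypothetical.

// Vulnerable pattern: request values are concatenated into the SQL text.
function login_concatenated(mysqli $db, string $username, string $password): bool
{
    $sql = "SELECT id FROM users WHERE username = '$username' AND password = '$password'";
    // With $username = "'||1=1#" the server receives:
    //   SELECT id FROM users WHERE username = ''||1=1#' AND password = '...'
    // In MySQL's default SQL mode || is logical OR and # starts a comment, so the
    // WHERE clause reduces to (username = '' OR 1=1) and the password test is dropped.
    $result = $db->query($sql);
    return $result !== false && $result->num_rows > 0;
}

// Hardened pattern: the statement text is fixed and the input is bound as data.
function login_prepared(mysqli $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ? LIMIT 1');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $username);   // quotes, || and # arrive as literal characters
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();             // true on a row, null when no row matched
    $stmt->close();
    // The password never enters the SQL; it is checked against a stored hash
    // (assumed to have been created with password_hash()).
    return $found === true && is_string($hash) && password_verify($password, $hash);
}
```

With the bound parameter, the string '||1=1# is compared against the username column as a whole value, so it matches no account unless a user is literally named that.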