SourceCodester Best Fee Management System admin_class.php login username sql injection
A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login
of the file admin_class.php. The manipulation of the argument username leads to sql injection. Using CWE to declare the problem leads to CWE-89. The weakness was presented 08/05/2022. The advisory is available at vuldb.com.
This vulnerability is handled as CVE-2022-2674. The attack may be launched remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1505 by the MITRE ATT&CK project.
It is declared as proof-of-concept. As 0-day the estimated underground price was around $0-$5k.
A possible mitigation has been published even before and not after the disclosure of the vulnerability.