Student Attendance Management System /Admin/createClass.php Id sql injection

EntryHistoryDiffjsonxmlCTI

A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The CWE definition for the vulnerability is CWE-89. The weakness was published 11/17/2022. The advisory is shared at github.com. The identification of this vulnerability is CVE-2022-4052. The attack may be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1505 for this issue. It is declared as proof-of-concept. The exploit is available at github.com. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

1	40

Field

vulnerability_cvss3_meta_tempscore	2
vulnerability_cvss3_meta_basescore	2
exploit_price_0day	2
vulnerability_cvss3_cna_basescore	1
vulnerability_cvss3_nvd_basescore	1

Commit Conf

90%	34
70%	19
50%	10

Approve Conf

90%	34
70%	19
80%	10

ID	Commited	User	Field	Change	Remarks	Accepted	Status	C
13409707	12/19/2022	VulD...	cvss3_cna_basescore	4.7	see CVSS documentation	12/19/2022	accepted	90
13409706	12/19/2022	VulD...	cvss3_nvd_basescore	7.2	nist.gov	12/19/2022	accepted	90
13409705	12/19/2022	VulD...	cvss3_meta_tempscore	5.4	see CVSS documentation	12/19/2022	accepted	90
13409704	12/19/2022	VulD...	cvss3_meta_basescore	5.5	see CVSS documentation	12/19/2022	accepted	90
13409703	12/19/2022	VulD...	cve_cna	VulDB	nvd.nist.gov	12/19/2022	accepted	70
13409702	12/19/2022	VulD...	cvss3_cna_a	L	nvd.nist.gov	12/19/2022	accepted	70
13409701	12/19/2022	VulD...	cvss3_cna_i	L	nvd.nist.gov	12/19/2022	accepted	70
13409700	12/19/2022	VulD...	cvss3_cna_c	L	nvd.nist.gov	12/19/2022	accepted	70
13409699	12/19/2022	VulD...	cvss3_cna_s	U	nvd.nist.gov	12/19/2022	accepted	70
13409698	12/19/2022	VulD...	cvss3_cna_ui	N	nvd.nist.gov	12/19/2022	accepted	70
13409697	12/19/2022	VulD...	cvss3_cna_pr	H	nvd.nist.gov	12/19/2022	accepted	70
13409696	12/19/2022	VulD...	cvss3_cna_ac	L	nvd.nist.gov	12/19/2022	accepted	70
13409695	12/19/2022	VulD...	cvss3_cna_av	N	nvd.nist.gov	12/19/2022	accepted	70
13409694	12/19/2022	VulD...	cvss3_nvd_a	H	nvd.nist.gov	12/19/2022	accepted	70
13409693	12/19/2022	VulD...	cvss3_nvd_i	H	nvd.nist.gov	12/19/2022	accepted	70
13409692	12/19/2022	VulD...	cvss3_nvd_c	H	nvd.nist.gov	12/19/2022	accepted	70
13409691	12/19/2022	VulD...	cvss3_nvd_s	U	nvd.nist.gov	12/19/2022	accepted	70
13409690	12/19/2022	VulD...	cvss3_nvd_ui	N	nvd.nist.gov	12/19/2022	accepted	70
13409689	12/19/2022	VulD...	cvss3_nvd_pr	H	nvd.nist.gov	12/19/2022	accepted	70
13409688	12/19/2022	VulD...	cvss3_nvd_ac	L	nvd.nist.gov	12/19/2022	accepted	70

43 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 43 results.

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!