A vulnerability classified as critical was discovered in SourceCodester Prison Management System 1.0. It affects an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. Manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+
leads to a SQL injection vulnerability. The advisory is available for download at github.com.
This vulnerability is handled as CVE-2022-2018. The attack can be launched over the network. Technical details are known.
It is declared as proof-of-concept. The exploit can be downloaded from github.com.
A possible mitigation has been published before and not just after the disclosure.
Field | 07/06/2022 12:15 | 10/06/2022 08:51 |
---|---|---|
vendor | SourceCodester | SourceCodester |
name | Prison Management System | Prison Management System |
version | 1.0 | 1.0 |
component | Inmate Handler | Inmate Handler |
file | /admin/?page=inmates/view_inmate | /admin/?page=inmates/view_inmate |
argument | id | id |
cwe | 89 (SQL injection) | 89 (SQL injection) |
risk | 2 | 2 |
cvss3_vuldb_av | N | N |
cvss3_vuldb_ac | L | L |
cvss3_vuldb_pr | H | H |
cvss3_vuldb_ui | N | N |
cvss3_vuldb_s | U | U |
cvss3_vuldb_c | L | L |
cvss3_vuldb_i | L | L |
cvss3_vuldb_a | L | L |
cvss3_vuldb_e | P | P |
cvss3_vuldb_rc | R | R |
url | https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(SQLI).md | https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(SQLI).md |
availability | 1 | 1 |
publicity | 1 | 1 |
url | https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(SQLI).md | https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(SQLI).md |
cve | CVE-2022-2018 | CVE-2022-2018 |
responsible | VulDB | VulDB |
date | 1654552800 (07/06/2022) | 1654552800 (07/06/2022) |
cvss2_vuldb_av | N | N |
cvss2_vuldb_ac | L | L |
cvss2_vuldb_au | M | M |
cvss2_vuldb_ci | P | P |
cvss2_vuldb_ii | P | P |
cvss2_vuldb_ai | P | P |
cvss2_vuldb_e | POC | POC |
cvss2_vuldb_rc | UR | UR |
cvss2_vuldb_rl | ND | ND |
cvss3_vuldb_rl | X | X |
cvss2_vuldb_basescore | 5.8 | 5.8 |
cvss2_vuldb_tempscore | 5.0 | 5.0 |
cvss3_vuldb_basescore | 4.7 | 4.7 |
cvss3_vuldb_tempscore | 4.3 | 4.3 |
cvss3_meta_basescore | 4.7 | 4.7 |
cvss3_meta_tempscore | 4.3 | 4.3 |
price_0day | $0-$5k | $0-$5k |
input_value | 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ | 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ |
cve_assigned | | 1654552800 (07/06/2022) |
cve_nvd_summary | | A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |