SourceCodester Garage Management System 1.0 /edituser.php id SQL注入

条目历史jsonxmlCTI

在SourceCodester Garage Management System 1.0中曾发现分类为致命的漏洞。此漏洞会影响未知代码文件/edituser.php。手动调试的软件参数:id使用输入：-2'%20UNION%20select%2011,user(),333,444--+不合法输入可导致 SQL注入。使用CWE来声明会导致 CWE-89 的问题。此漏洞的脆弱性 2022-07-29所公布。公告共享下载网址是github.com。该漏洞被命名为CVE-2022-2577，可以发起远程攻击，有技术细节可用。此外还有一个漏洞可利用。该漏洞利用已公开，可能会被利用。漏洞利用的当前现价为美元计算大致为USD $0-$5k。 MITRE ATT&CK项目声明攻击技术为T1505。它被宣布为proof-of-concept。可以在github.com下载该漏洞利用。估计零日攻击的地下价格约为$0-$5k。该漏洞被披露后，此前未曾发表过可能的缓解措施。

字段	2022-08-28 14時41分	2022-08-28 14時45分	2022-08-28 14時47分
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Garage%20Management%20System(SQLI).md	https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Garage%20Management%20System(SQLI).md	https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Garage%20Management%20System(SQLI).md
availability	1	1	1
publicity	1	1	1
url	https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Garage%20Management%20System(SQLI).md	https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Garage%20Management%20System(SQLI).md	https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Garage%20Management%20System(SQLI).md
cve	CVE-2022-2577	CVE-2022-2577	CVE-2022-2577
responsible	VulDB	VulDB	VulDB
date	1659045600 (2022-07-29)	1659045600 (2022-07-29)	1659045600 (2022-07-29)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	7.1	7.1
cvss3_meta_tempscore	5.7	6.9	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
vendor	SourceCodester	SourceCodester	SourceCodester
name	Garage Management System	Garage Management System	Garage Management System
version	1.0	1.0	1.0
file	/edituser.php	/edituser.php	/edituser.php
argument	id	id	id
cwe	89 (SQL注入)	89 (SQL注入)	89 (SQL注入)
input_value	-2'%20UNION%20select%2011,user(),333,444--+	-2'%20UNION%20select%2011,user(),333,444--+	-2'%20UNION%20select%2011,user(),333,444--+
cve_assigned	1659045600 (2022-07-29)	1659045600 (2022-07-29)	1659045600 (2022-07-29)
cve_nvd_summary	A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2'%20UNION%20select%2011,user(),333,444--+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2'%20UNION%20select%2011,user(),333,444--+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2'%20UNION%20select%2011,user(),333,444--+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cve_cna		VulDB	VulDB
cvss3_nvd_basescore		8.8	8.8
cvss3_cna_basescore		6.3	6.3
cvss3_nvd_av		N	N
cvss3_nvd_ac		L	L
cvss3_nvd_pr		L	L
cvss3_nvd_ui		N	N
cvss3_nvd_s		U	U
cvss3_nvd_c		H	H
cvss3_nvd_i		H	H
cvss3_nvd_a		H	H
cvss3_cna_av		N	N

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!