Rigatur Online Booking and Hotel Management System aff6409 POST Request login.php email/pass SQL injection

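A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. Manipulating the argument email/pass with invalid input leads to SQL injection. The CWE definition for the vulnerability is CWE-89. The weakness was disclosed on 2022-08-05. The advisory is shared at vuldb.com. The vulnerability is known as CVE-2022-2673. The attack can be launched remotely, and technical details are available. Furthermore, an exploit is available. The exploit has been disclosed to the public and may be used. The current price for an exploit is approximately USD $0-$5k. The MITRE ATT&CK project uses the attack technique T1505 for this issue. The exploit is declared as proof-of-concept. We estimate the price as a 0-day at around $0-$5k. No possible mitigations have been published since the vulnerability was disclosed.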

| Field | 2022-08-05 12:43 | 2022-08-30 14:42 | 2022-08-30 14:47 |
| --- | --- | --- | --- |
| vendor | Rigatur | Rigatur | Rigatur |
| name | Online Booking and Hotel Management System | Online Booking and Hotel Management System | Online Booking and Hotel Management System |
| version | aff6409 | aff6409 | aff6409 |
| component | POST Request Handler | POST Request Handler | POST Request Handler |
| file | login.php | login.php | login.php |
| argument | email/pass | email/pass | email/pass |
| cwe | 89 (SQL injection) | 89 (SQL injection) | 89 (SQL injection) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_e | P | P | P |
| cvss3_vuldb_rc | R | R | R |
| availability | 1 | 1 | 1 |
| publicity | 1 | 1 | 1 |
| cve | CVE-2022-2673 | CVE-2022-2673 | CVE-2022-2673 |
| responsible | VulDB | VulDB | VulDB |
| date | 1659650400 (2022-08-05) | 1659650400 (2022-08-05) | 1659650400 (2022-08-05) |
| type | Hospitality Software | Hospitality Software | Hospitality Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_e | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_rl | X | X | X |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 6.3 | 7.1 |
| cvss3_meta_tempscore | 5.7 | 5.7 | 6.9 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| url | | https://vuldb.com/?id.205657 | https://vuldb.com/?id.205657 |
| cve_assigned | | 1659650400 (2022-08-05) | 1659650400 (2022-08-05) |
| cve_nvd_summary | | A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability. | A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability. |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | L |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | L |
| cvss3_cna_i | | | L |
| cvss3_cna_a | | | L |
| cve_cna | | | VulDB |
| cvss3_nvd_basescore | | | 8.8 |
| cvss3_cna_basescore | | | 6.3 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | L |
| cvss3_nvd_ui | | | N |
