SourceCodester Prison Management System 1.0 Visit view_visit.php id SQL注入

条目差异jsonxmlCTI

在SourceCodester Prison Management System 1.0中曾发现一漏洞，此漏洞被评为致命。此漏洞会影响某些未知进程文件/pms/admin/visits/view_visit.php的组件Visit Handler。手动调试的软件参数:id使用输入：2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+不合法输入可导致 SQL注入。漏洞的CWE定义是 CWE-89。此漏洞的脆弱性 2022-06-07所公布。分享公告的网址是github.com。该漏洞被标识为CVE-2022-2017，可以发起远程攻击，有技术细节可用。此外还有一个漏洞可利用。该漏洞利用已公开，可能会被利用。当前漏洞利用价值为美元大约是 $0-$5k。 MITRE ATT&CK项目使用攻击技术T1505来解决该问题。它被宣布为proof-of-concept。以下网址提供该漏洞利用：github.com。我们估计的零日攻击价值约为$0-$5k。该漏洞被披露后，远在此前发表过可能的缓解措施。

时间轴

用户

1	27

字段

source_cve_nvd_summary	1
source_cve_assigned	1
software_input_value	1
software_component	1
exploit_price_0day	1

Commit Conf

90%	31
50%	10
70%	2
100%	2

Approve Conf

90%	31
80%	10
70%	2
100%	2

ID	已提交	用户	字段	更改	备注	已接受	地位	C
12591427	2022-06-10	VulD...	cve_nvd_summary	A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	cve.mitre.org	2022-06-10	已接受	70
12591426	2022-06-10	VulD...	cve_assigned	1654552800 (2022-06-07)	cve.mitre.org	2022-06-10	已接受	70
12584359	2022-06-07	VulD...	input_value	2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+		2022-06-07	已接受	100
12584358	2022-06-07	VulD...	component	Visit Handler		2022-06-07	已接受	100
12584357	2022-06-07	VulD...	price_0day	$0-$5k	see exploit price documentation	2022-06-07	已接受	90
12584356	2022-06-07	VulD...	cvss3_meta_tempscore	4.3	see CVSS documentation	2022-06-07	已接受	90
12584355	2022-06-07	VulD...	cvss3_meta_basescore	4.7	see CVSS documentation	2022-06-07	已接受	90
12584354	2022-06-07	VulD...	cvss3_vuldb_tempscore	4.3	see CVSS documentation	2022-06-07	已接受	90
12584353	2022-06-07	VulD...	cvss3_vuldb_basescore	4.7	see CVSS documentation	2022-06-07	已接受	90
12584352	2022-06-07	VulD...	cvss2_vuldb_tempscore	5.0	see CVSS documentation	2022-06-07	已接受	90
12584351	2022-06-07	VulD...	cvss2_vuldb_basescore	5.8	see CVSS documentation	2022-06-07	已接受	90
12584350	2022-06-07	VulD...	cvss3_vuldb_rl	X	derived from historical data	2022-06-07	已接受	80
12584349	2022-06-07	VulD...	cvss2_vuldb_rl	ND	derived from historical data	2022-06-07	已接受	80
12584348	2022-06-07	VulD...	cvss2_vuldb_rc	UR	derived from vuldb v3 vector	2022-06-07	已接受	80
12584347	2022-06-07	VulD...	cvss2_vuldb_e	POC	derived from vuldb v3 vector	2022-06-07	已接受	80
12584346	2022-06-07	VulD...	cvss2_vuldb_ai	P	derived from vuldb v3 vector	2022-06-07	已接受	80
12584345	2022-06-07	VulD...	cvss2_vuldb_ii	P	derived from vuldb v3 vector	2022-06-07	已接受	80
12584344	2022-06-07	VulD...	cvss2_vuldb_ci	P	derived from vuldb v3 vector	2022-06-07	已接受	80
12584343	2022-06-07	VulD...	cvss2_vuldb_au	M	derived from vuldb v3 vector	2022-06-07	已接受	80
12584342	2022-06-07	VulD...	cvss2_vuldb_ac	L	derived from vuldb v3 vector	2022-06-07	已接受	80

25 更多条目未显示

🔒 Login Required

You need to signup and login to see more of the remaining 25 results.

◂ 上一步一览下一步 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!