CVE-2022-1838

Опубликовано: 24 мая 2022

Источник: nvd

CVSS3: 4.7

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'//AND//(SELECT//5383//FROM//(SELECT(SLEEP(5)))JPeh)//AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.

Ссылки

https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_admin_SQL_Inject.md
Exploit
Third Party Advisory
https://vuldb.com/?id.200583
Third Party Advisory
https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_admin_SQL_Inject.md
Exploit
Third Party Advisory
https://vuldb.com/?id.200583
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:home_clean_services_management_system_project:home_clean_services_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00321

Низкий

4.7 Medium

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2c28-f73p-mgcc

CVSS3: 7.2

github

больше 3 лет назад

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.

EPSS

Процентиль: 55%

0.00321

Низкий

4.7 Medium

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89