CVE-2022-1839

Опубликовано: 24 мая 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'//AND//(SELECT//5383//FROM//(SELECT(SLEEP(2)))JPeh)//AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.

Ссылки

https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_login_email_SQL_injection.md
Exploit
Third Party Advisory
https://vuldb.com/?id.200584
Third Party Advisory
https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_login_email_SQL_injection.md
Exploit
Third Party Advisory
https://vuldb.com/?id.200584
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:home_clean_services_management_system_project:home_clean_services_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00478

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-8ggj-j64g-w9r2

CVSS3: 8.8

github

больше 3 лет назад

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.

EPSS

Процентиль: 64%

0.00478

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89