CVE-2022-2723

Опубликовано: 09 авг. 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

EPSS Низкий

Описание

A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205836.

Ссылки

https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E2%80%94Employee%20Management%20System%20eprocess.php%20SQL%20Injection/
Exploit
Third Party Advisory
https://vuldb.com/?id.205836
Third Party Advisory
VDB Entry
https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E2%80%94Employee%20Management%20System%20eprocess.php%20SQL%20Injection/
Exploit
Third Party Advisory
https://vuldb.com/?id.205836
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:employee_management_system_project:employee_management_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00403

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-gvfr-jjgg-f37h

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 60%

0.00403

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-89