CVE-2022-27927

Опубликовано: 19 апр. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.

Ссылки

http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/14822/microfinance-management-system.html
Product
Third Party Advisory
http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/14822/microfinance-management-system.html
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microfinance_management_system_project:microfinance_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.7761

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-84cr-qhpf-995p