CVE-2022-30927

Опубликовано: 06 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.

Ссылки

https://github.com/ykosan1/Simple-Task-Scheduling-System-id-SQL-Injection-Unauthenticated
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html
Product
https://www.sourcecodester.com/sites/default/files/download/oretnom23/tss.zip
Product
https://github.com/ykosan1/Simple-Task-Scheduling-System-id-SQL-Injection-Unauthenticated
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html
Product
https://www.sourcecodester.com/sites/default/files/download/oretnom23/tss.zip
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simple_task_scheduling_system_project:simple_task_scheduling_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00316

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-x69g-pvvj-r464