← Zuruck zu CVEs

CVE-2022-27927

CRITICAL

9.8

Beschreibung

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht4/19/2022

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

microfinance_management_system_project:microfinance_management_system

Schwachen (CWE)

CWE-89

Referenzen

http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html(cve@mitre.org)

https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated(cve@mitre.org)

https://www.sourcecodester.com/php/14822/microfinance-management-system.html(cve@mitre.org)

http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated(af854a3a-2127-422b-91ae-364da2661108)

https://www.sourcecodester.com/php/14822/microfinance-management-system.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.