← Retour aux CVEs

CVE-2022-27927

CRITICAL

9.8

Description

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie4/19/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

microfinance_management_system_project:microfinance_management_system

Faiblesses (CWE)

CWE-89

References

http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html(cve@mitre.org)

https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated(cve@mitre.org)

https://www.sourcecodester.com/php/14822/microfinance-management-system.html(cve@mitre.org)

http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated(af854a3a-2127-422b-91ae-364da2661108)

https://www.sourcecodester.com/php/14822/microfinance-management-system.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.