Home Clean Services Management System login.php sql injection
CVE-2022-1838

4.7MEDIUM

Key Information:

Vendor: Unspecified
Status: Home Clean Services Management System
Vendor: CVE Published:; 24 May 2022

🔔 Create Unspecified Vulnerability Alert

What is CVE-2022-1838?

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'//AND//(SELECT//5383//FROM//(SELECT(SLEEP(5)))JPeh)//AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.

Affected Version(s)

Home Clean Services Management System 1.0

References

https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/...

x_refsource_MISC

https://vuldb.com/?id.200583

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2022
Vulnerability Reserved
May 24, 2022

JSON