SQL Injection Vulnerability in Simple Real Estate Portal System by oretnom23
CVE-2022-25399

9.8CRITICAL

Key Information:

Vendor: Simple Real Estate Portal System Project
Status: Simple Real Estate Portal System
Vendor: CVE Published:; 2 March 2022

🔔 Create Simple Real Estate Portal System Project Vulnerability Alert

What is CVE-2022-25399?

The Simple Real Estate Portal System version 1.0 has a flaw that allows for a SQL injection through the 'id' parameter. This vulnerability can be exploited by attackers to manipulate database queries, potentially leading to unauthorized access to sensitive information or alteration of data. Organizations using this system should promptly implement safeguards and apply any available patches to mitigate the risk associated with this vulnerability.

References

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/mai...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2022
Vulnerability Reserved
Feb 21, 2022

CVE-2022-25399 Data

JSON