SourceCodester Loan Management System login.php sql injection
CVE-2022-2666

9.8CRITICAL

Key Information:

Vendor

Sourcecodester
Status
Loan Management System
Vendor
CVE Published:
7 January 2023

What is CVE-2022-2666?

A significant vulnerability has been identified in the SourceCodester Loan Management System, specifically affecting the login.php file. This issue arises due to improper handling of the username parameter, which can be exploited for SQL injection attacks. Attackers can initiate these exploits remotely, potentially gaining unauthorized access to sensitive data. Given that this flaw is publicly disclosed, it poses an urgent risk to systems utilizing this software. Organizations using the Loan Management System should act swiftly to implement security measures and patches.

Affected Version(s)

Loan Management System

References

https://vuldb.com/?id.205618
vdb-entrytechnical-description
https://vuldb.com/?ctiid.205618
signaturepermissions-required
https://github.com/cxaqhq/Loan-Management-System-Sqlinjec...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

cxaqhq (VulDB User)
JSON
.
CVE-2022-2666 : SourceCodester Loan Management System login.php sql injection