SourceCodester Simple Student Information System manage_department.php sql injection
CVE-2022-2705

6.3MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Simple Student Information System
Vendor: CVE Published:; 8 August 2022

Summary

A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admin/departments/manage_department.php. The manipulation of the argument id with the input -5756%27%20UNION%20ALL%20SELECT%20NULL,database(),user(),NULL,NULL,NULL,NULL--%20- leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205829 was assigned to this vulnerability.

Affected Version(s)

Simple Student Information System

References

https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%A...

x_refsource_MISC

https://vuldb.com/?id.205829

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2022
Vulnerability Reserved
Aug 7, 2022