SQL Injection Vulnerability in Purchase Order Management System by Oretnom23
CVE-2022-28023

9.8CRITICAL

Key Information:

Vendor: Purchase Order Management System Project
Status: Purchase Order Management System
Vendor: CVE Published:; 21 April 2022

🔔 Create Purchase Order Management System Project Vulnerability Alert

What is CVE-2022-28023?

The Purchase Order Management System version 1.0 has a SQL injection vulnerability located in the delete_supplier function within the Master.php file. This flaw allows an attacker to manipulate SQL queries, potentially leading to unauthorized data access or modification. It is essential to implement filtering and validation on input parameters to mitigate this risk.

References

https://github.com/k0xx11/bug_report/blob/main/vendors/or...

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2022
Vulnerability Reserved
Mar 28, 2022

CVE-2022-28023 Data

JSON