SQL Injection Flaw in Bus Pass Management System by Bus.com
CVE-2022-35156

9.8CRITICAL

Key Information:

Vendor

PHPgurukul
Status
Bus Pass Management System
Vendor
CVE Published:
30 September 2022

What is CVE-2022-35156?

The Bus Pass Management System 1.0 contains a SQL Injection vulnerability that can be exploited through the 'searchdata' parameter at '/buspassms/download-pass.php'. This flaw allows attackers to manipulate SQL queries by injecting malicious code, potentially leading to unauthorized access to the database. Proper sanitization and validation of user inputs are essential to mitigate this security risk.

References

http://phpgurukul.com
x_refsource_MISC
http://bus.com
x_refsource_MISC
https://packetstormsecurity.com/files/168555/Bus-Pass-Man...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.