SourceCodester Canteen Management System POST Request ajax_invoice.php query sql injection
CVE-2022-4222

5MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Canteen Management System
Vendor: CVE Published:; 30 November 2022

Summary

A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523.

Affected Version(s)

Canteen Management System

References

https://www.jianshu.com/p/bda61089bf1d

https://vuldb.com/?id.214523

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2022
Vulnerability Reserved
Nov 30, 2022