CVE-2022-1080 — SQL Injection in ONE Church Management System

CWE-89 — SQL Injection4 documents4 sources

Severity

9.8CRITICALNVD

CNA7.3

EPSS

0.3%

top 51.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester ONE Church Management System ONE Church Management System Project ONE Church Management System

Timeline

PublishedMar 29

Latest updateMay 13

Description

A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sourcecodester/one_church_management_system1.0

▶NVDone_church_management_system_project/one_church_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-cq5f-f8m2-7f98: A vulnerability was found in SourceCodester One Church Management System 1↗2022-03-30

▶

CVEList

SourceCodester One Church Management System attendancy.php sql injection↗2022-03-29

▶

💥Exploits & PoCs

Exploit-DB

FLEX 1080 < 1085 Web 1.6.0 - Denial of Service↗2023-05-13

▶