Severity: 7.2 HIGH
EPSS: 0.3% (top 50.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 9; Latest update Oct 19

Description

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.2 | Impact: 3.4

CVE-2022-2017 (HIGH, CVSS 7.2) | cvebase.io