CVE-2022-2491

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 52.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Library Management SystemLibrary Management System Project Library Management System
Timeline
PublishedJul 20
Latest updateJul 21

Description

A vulnerability has been found in SourceCodester Library Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file lab.php. The manipulation of the argument Section with the input 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71716b7171,0x546e4444736b7743575a666d4873746a6450616261527a67627944426946507245664143694c6a4c,0x7162706b71),NULL,NULL,NULL,NULL# leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-pwr2-748r-w9w2: A vulnerability has been found in SourceCodester Library Management System 12022-07-21
CVEList
SourceCodester Library Management System lab.php sql injection2022-07-20
CVE-2022-2491 (HIGH CVSS 8.8) | A vulnerability has been found in S | cvebase.io