CVE-2022-2492

CWE-89 — SQL Injection CWE-474 CWE-120 — Classic Buffer Overflow5 documents5 sources

Severity

8.8HIGH

EPSS

0.2%

top 52.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Library Management System Library Management System Project Library Management System

Timeline

PublishedJul 20

Latest updateOct 4

Description

A vulnerability was found in SourceCodester Library Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument RollNo with the input admin' AND (SELECT 2625 FROM (SELECT(SLEEP(5)))MdIL) AND 'KXmq'='KXmq&Password=1231312312 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/library_management_system1.0

▶NVDlibrary_management_system_project/library_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-3c4j-vv65-mwcv: A vulnerability was found in SourceCodester Library Management System 1↗2022-07-21

▶

CVEList

SourceCodester Library Management System index.php sql injection↗2022-07-20

▶

📋Vendor Advisories

Red Hat

kernel: IB/mad: Don't call to function that might sleep while in atomic context↗2025-10-04

▶

CISA

Microsoft Word Malformed Object Pointer Vulnerability↗2022-06-08

▶