CVE-2022-2648SQL Injection in Multi Language Hotel Management Software

CWE-89SQL InjectionCWE-522Insufficiently Protected CredentialsCWE-319Cleartext Transmission of Sensitive InfoCWE-78OS Command InjectionCWE-59Link Following8 documents5 sources
Severity
9.8CRITICALNVD
CNA6.3
EPSS
0.2%
top 54.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sourcecodester Multi Language Hotel Management Software
Timeline
PublishedAug 4
Latest updateAug 5

Description

A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

4
GHSA
GHSA-c72w-cxrv-87g2: A vulnerability was found in SourceCodester Multi Language Hotel Management Software2022-08-05
CVEList
SourceCodester Multi Language Hotel Management Software sql injection2022-08-04
GHSA
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials2022-02-16
GHSA
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin2022-02-16

📋Vendor Advisories

3
Red Hat
workflow-cps: Password parameters are included from the original build in replayed builds2022-02-15
Red Hat
workflow-cps: OS command execution through crafted SCM contents2022-02-15
Red Hat
workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names2022-02-15
CVE-2022-2648 — SQL Injection | cvebase