CVE-2022-2656

CWE-89SQL InjectionCWE-319Cleartext TransmissionCWE-522Insufficiently Protected CredentialsCWE-78OS Command Injection5 documents4 sources
Severity
9.8CRITICAL
EPSS
0.3%
top 45.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sourcecodester Multi Language Hotel Management Software
Timeline
PublishedAug 4
Latest updateAug 5

Description

A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages1 packages

🔴Vulnerability Details

4
GHSA
GHSA-hg47-jxwx-xqg5: A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software2022-08-05
CVEList
SourceCodester Multi Language Hotel Management Software sql injection2022-08-04
GHSA
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials2022-02-16
GHSA
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin2022-02-16
CVE-2022-2656 (CRITICAL CVSS 9.8) | A vulnerability classified as criti | cvebase.io