CVE-2022-2708

CWE-89: SQL Injection
4 documents, 4 sources
Severity: 9.8 CRITICAL
EPSS: 0.2% (top 52.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 8
Latest update: Aug 9

Description

A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login with the input [email protected]' OR (SELECT 9084 FROM(SELECT COUNT(*),CONCAT(0x7178767871,(SELECT (ELT(9084=9084,1))),0x71767a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- dPvW leads to SQL injection. Access to the local network is required for this attack. The exploit has been dis

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.1 | Impact: 3.4

Affected Packages: 1 package

Vulnerability Details (2)

GHSA: GHSA-rf96-7v98-4q5q: A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System (2022-08-09)
CVEList: SourceCodester Gym Management System login.php sql injection (2022-08-08)