Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2022-29006 — SQL Injection in Directory Management System
Severity
9.8 CRITICAL (NVD)
EPSS
85.9%
top 0.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: May 11
Latest update: May 12
Description
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 1 package
🔴 Vulnerability Details (2)
GHSA
GHSA-r4hm-44p5-j553: Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1 (2022-05-12)
CVEList
CVE-2022-29006: Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1 (2022-05-11)
💥 Exploits & PoCs (1)
Nuclei
Directory Management System 1.0 - SQL Injection