Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-29009 — SQL Injection in Cyber Cafe Management System

CWE-89 — SQL Injection4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

86.4%

top 0.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpgurukul Cyber Cafe Management System

Timeline

PublishedMay 11

Latest updateMay 12

Description

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDphpgurukul/cyber_cafe_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-9mh2-w9qg-8prq: Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1↗2022-05-12

▶

CVEList

CVE-2022-29009: Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1↗2022-05-11

▶

💥Exploits & PoCs

Nuclei

Cyber Cafe Management System 1.0 - SQL Injection

▶