CVE-2022-32028
Published 2022-06-02
CVE-2022-32028: Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.
Priority: P3 46 · high · 7.2 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploit
EPSS: 4.92% (91.0th percentile)
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| car_rental_management_system_project | car_rental_management_system | — | — |
| msrc | microsoft_ole_db_driver_18_for_sql_server | — | — |
| msrc | microsoft_ole_db_driver_19_for_sql_server | — | — |
| msrc | microsoft_visual_studio_2019_version_16.11 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.2 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.4 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.6 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.8 | — | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_msrc | — | 7.8 | HIGH | — |
GHSA
GHSA-2xxw-6qjm-9qhq: Car Rental Management System v1
ghsa_unreviewed · 2022-06-03 · CVE-2022-32028 [HIGH] CWE-89
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.
Microsoft (this record carries the 2023 identifier CVE-2023-32028, not CVE-2022-32028)
Microsoft SQL OLE DB Remote Code Execution Vulnerability
vendor_msrc · 2023-06-13 · CVSS 7.8 · CVE-2023-32028 [HIGH] CWE-122
FAQ: If I normally install GDR versions and have not installed the June Cumulative Update, am I affected by the vulnerability?
Yes, customers who have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR) are vulnerable. Microsoft recommends updating to the latest cumulative update to be protected from this vulnerability.
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.
SQL Serv
No detection rules found.
Nuclei (this template covers the sibling CVE-2022-32026, /admin/manage_booking.php, not manage_user.php)
Car Rental Management System 1.0 - SQL Injection
nuclei · CVSS 7.2 · CVE-2022-32026 [HIGH]
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_booking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
Template:

```yaml
id: CVE-2022-32026

info:
  name: Car Rental Management System 1.0 - SQL Injection
  author: arafatansari
  severity: high
  description: |
    Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_booking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vuln
```
Nuclei
Car Rental Management System 1.0 - SQL Injection
nuclei · CVSS 7.2 · CVE-2022-32028 [HIGH]
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_user.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
Template:

```yaml
id: CVE-2022-32028

info:
  name: Car Rental Management System 1.0 - SQL Injection
  author: arafatansari
  severity: high
  description: |
    Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_user.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerabil
```
No writeups or analysis indexed.
Published: 2022-06-02