CVE-2022-3414 — Improper Neutralization in Web-based Student Clearance System

CWE-707 — Improper Neutralization CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICALNVD

CNA5.0

EPSS

0.2%

top 52.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Web-based Student Clearance System

Timeline

PublishedOct 7

Description

A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. Affected is an unknown function of the file /Admin/login.php of the component POST Parameter Handler. The manipulation of the argument txtusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210246 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5sourcecodester/web-based_student_clearance_systemn/a

🔴Vulnerability Details

GHSA

GHSA-g8jm-78j9-qx76: A vulnerability was found in SourceCodester Web-Based Student Clearance System↗2022-10-07

▶

CVEList

SourceCodester Web-Based Student Clearance System POST Parameter login.php sql injection↗2022-10-07

▶