CVE-2022-36198 β€” SQL Injection in BUS Pass Management System

CWE-89 β€” SQL Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.3%
top 50.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul BUS Pass Management System
Timeline
PublishedAug 22
Latest updateAug 23

Description

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-c3p6-84mv-rjf3: Multiple SQL injections detected in Bus Pass Management System 1β†—2022-08-23
β–Ά
CVEList
CVE-2022-36198: Multiple SQL injections detected in Bus Pass Management System 1β†—2022-08-22
β–Ά
CVE-2022-36198 β€” SQL Injection | cvebase