CVE-2022-37138 — SQL Injection in Loan Management System

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 50.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Razormist Loan Management System

Timeline

PublishedSep 14

Latest updateSep 15

Description

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDrazormist/loan_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-9rf5-c55x-ggx3: Loan Management System 1↗2022-09-15

▶

CVEList

CVE-2022-37138: Loan Management System 1↗2022-09-14

▶