cve/2022/CVE-2022-2706.md

### [CVE-2022-2706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2706)
![](https://img.shields.io/static/v1?label=Product&message=Online%20Class%20and%20Exam%20Scheduling%20System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)

### Description

A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.

### POC

#### Reference
- https://vuldb.com/?id.205830

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-2706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2706)`
			`![](https://img.shields.io/static/v1?label=Product&message=Online%20Class%20and%20Exam%20Scheduling%20System&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)`

			`### Description`

			A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '\|\|(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))\|\|' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.

			`### POC`

			`#### Reference`
			`- https://vuldb.com/?id.205830`

			`#### Github`
			`No PoCs found on GitHub currently.`