CVE-2022-3414

2025-08-04 08:44:25 +00:00 · 2022-10-07 08:02:39 +02:00 · 2022-10-07 08:02:39 +02:00 · 34e7c1afbf
commit 34e7c1afbf
parent 2a9ea91e4d
1 changed files with 58 additions and 3 deletions
--- a/2022/3xxx/CVE-2022-3414.json
+++ b/2022/3xxx/CVE-2022-3414.json
@ -4,14 +4,69 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-3414",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "TITLE": "SourceCodester Web-Based Student Clearance System POST Parameter login.php sql injection",
+        "REQUESTER": "cna@vuldb.com",
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
+    },
+    "generator": "vuldb.com",
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "SourceCodester",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Web-Based Student Clearance System",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n\/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection"
+                    }
+                ]
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. Affected is an unknown function of the file \/Admin\/login.php of the component POST Parameter Handler. The manipulation of the argument txtusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210246 is the identifier assigned to this vulnerability."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "baseScore": "5.0",
+            "vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https:\/\/www.jianshu.com\/p\/8f7b7b532c02"
+            },
+            {
+                "url": "https:\/\/vuldb.com\/?id.210246"
            }
        ]
    }