{ "id": "CVE-2022-2707", "sourceIdentifier": "cna@vuldb.com", "published": "2022-08-08T13:15:08.770", "lastModified": "2024-12-12T15:58:17.447", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with the input ' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Online Class and Exam Scheduling System versi\u00f3n 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /pages/faculty_sched.php. La manipulaci\u00f3n del argumento facultad con la entrada \" OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1)),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM conlleva a una inyecci\u00f3n sql. El ataque puede ser lanzado de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. El identificador asociado a esta vulnerabilidad es VDB-205831" } ], "metrics": { "cvssMetricV31": [ { "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW" }, "exploitabilityScore": 2.8, "impactScore": 3.4 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "cna@vuldb.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-89" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6816A95B-5961-49BE-9638-D735C9286FD4" } ] } ] } ], "references": [ { "url": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", "source": "cna@vuldb.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://vuldb.com/?id.205831", "source": "cna@vuldb.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://vuldb.com/?id.205831", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] } ] }