nvd-json-data-feeds/CVE-2022/CVE-2022-245xx/CVE-2022-24571.json

{
  "id": "CVE-2022-24571",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-02-28T14:15:08.407",
  "lastModified": "2022-03-08T17:38:58.790",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access."
    },
    {
      "lang": "es",
      "value": "Car Driving School Management System versi\u00f3n v1.0, est\u00e1 afectado por una inyecci\u00f3n SQL en la p\u00e1gina de inicio de sesi\u00f3n. Un atacante puede usar una simple carga \u00fatil de inyecci\u00f3n SQL de inicio de sesi\u00f3n para conseguir acceso de administrador."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:car_driving_school_management_system_project:car_driving_school_management_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0760BF42-C181-4341-A18A-D8B820892F3A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/nsparker1337/OpenSource/blob/main/exploit_sql",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24571",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.nu11secur1ty.com/2022/03/cve-2022-24571.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}