Lucene search

MitreCVE-2022-29009

HistoryMay 11, 2022 - 2:15 p.m.

CVE-2022-29009

2022-05-1114:15:08

CWE-89

mitre

web.nvd.nist.gov

cve-2022-29009

sql injection

admin panel

cyber cafe management system

authentication bypass

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.134

Percentile

95.6%

JSON

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.

Affected configurations

Nvd

Node

phpgurukulcyber_cafe_management_systemMatch1.0

VendorProductVersionCPE
phpgurukulcyber_cafe_management_system1.0cpe:2.3:a:phpgurukul:cyber_cafe_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpgurukul	cyber_cafe_management_system	1.0	cpe:2.3:a:phpgurukul:cyber_cafe_management_system:1.0:::::::*

References

github.com/sudoninja-noob/CVE-2022-29009/blob/main/CVE-2022-29009.txt

www.exploit-db.com/exploits/50355

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.134

Percentile

95.6%

JSON

Related for CVE-2022-29009