Lucene search

MitreCVE-2022-29317

HistoryMay 11, 2022 - 1:15 p.m.

CVE-2022-29317

2022-05-1113:15:08

CWE-89

mitre

web.nvd.nist.gov

cve-2022-29317

simple bus ticket booking system

sql injection

username

password

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.0%

JSON

Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php.

Affected configurations

Nvd

Node

simple_bus_ticket_booking_system_projectsimple_bus_ticket_booking_systemMatch1.0

VendorProductVersionCPE
simple_bus_ticket_booking_system_projectsimple_bus_ticket_booking_system1.0cpe:2.3:a:simple_bus_ticket_booking_system_project:simple_bus_ticket_booking_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
simple_bus_ticket_booking_system_project	simple_bus_ticket_booking_system	1.0	cpe:2.3:a:simple_bus_ticket_booking_system_project:simple_bus_ticket_booking_system:1.0:::::::*

References

hackmd.io/%40taidh/r1FCJ1ME5

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.0%

JSON

Related for CVE-2022-29317