Lucene search

TR-CERTCVELIST:CVE-2022-2807

HistoryDec 12, 2022 - 1:50 a.m.

CVE-2022-2807 SQL Injection in Prens Student Information System

2022-12-1201:50:00

CWE-89

TR-CERT

www.cve.org

cve-2022-2807

sql injection

algan software

prens student information system

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.6%

JSON

SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before 2.1.11.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Prens Student Information System",
    "vendor": "Algan Software",
    "versions": [
      {
        "lessThan": "2.1.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-22-0708

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.6%

JSON

Related for CVELIST:CVE-2022-2807