Lucene search

[email protected]NVD:CVE-2022-35422

HistoryAug 02, 2022 - 3:15 a.m.

CVE-2022-35422

2022-08-0203:15:09

CWE-89

[email protected]

web.nvd.nist.gov

web based quiz

sql injection

qid parameter

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.5%

JSON

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php.

Affected configurations

Nvd

Node

web_based_quiz_system_projectweb_based_quiz_systemMatch1.0

VendorProductVersionCPE
web_based_quiz_system_projectweb_based_quiz_system1.0cpe:2.3:a:web_based_quiz_system_project:web_based_quiz_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
web_based_quiz_system_project	web_based_quiz_system	1.0	cpe:2.3:a:web_based_quiz_system_project:web_based_quiz_system:1.0:::::::*

References

www.yuque.com/docs/share/eadc0bf7-7113-40f5-b4e3-14b66c6e8af9

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.5%

JSON

Related for NVD:CVE-2022-35422

prion1 cvelist1 cve1