CVE-2022-4052

2022-11-1717:15:14

CWE-707

CWE-89

[email protected]

web.nvd.nist.gov

vulnerability

student attendance management system

critical

file processing

sql injection

remote attack

public exploit disclosure

vdb-213845

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.0%

JSON

A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability.

Affected configurations

Nvd

Node

student_attendance_management_system_projectstudent_attendance_management_systemMatch-

VendorProductVersionCPE
student_attendance_management_system_projectstudent_attendance_management_system-cpe:2.3:a:student_attendance_management_system_project:student_attendance_management_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
student_attendance_management_system_project	student_attendance_management_system	-	cpe:2.3:a:student_attendance_management_system_project:student_attendance_management_system:-:::::::*