CVE-2022-2644— SourceCodester Online Admission System GET Parameter sql injection

SourceCodester Online Admission System GET Parameter sql injection

A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Online Admission System SQL注入漏洞

Online Admission System是RASHMI KUMARI个人开发者的一个网上录取系统。 Online Admission System存在SQL注入漏洞，该漏洞源于其对GET参数处理组件中的未知功能对参数eid的操作会导致攻击者执行SQL注入。该攻击方法已经被公开并且可以由远程发起，存在被利用的风险。

N/A

N/A