CVE-2022-29006

Vulnerability Information

Suggested Description:
- Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication.

Vulnerability Type:
- SQL Injection

Vendor of Product:
- Directory Management System 1.0 - SQL Injection Authentication Bypass

Affected Product Code Base:
- https://phpgurukul.com/directory-management-system-using-php-and-mysql/ - 1.0

Affected Component:
- /dfsms/index.php

Attack Type:
- Local

Impact Code execution:
- true

Attack Vectors:
- Go to Login Panel and try to bypass login.
  #username: admin' or '1'='1 and password: dfsms

Reference:
- https://www.exploit-db.com/exploits/50370

Discoverer:
- sanjay singh
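Why the login input listed under Attack Vectors passes the check, and how a bound-parameter query rejects it, shown as an added example that is not code from the affected product. It uses Python with an in-memory SQLite database as a stand-in for the PHP/MySQL application; the table name, function names, stored password and the concatenated query shape are assumptions, since the advisory does not show the source of /dfsms/index.php.

```python
import sqlite3

# Values taken from the advisory's "Attack Vectors" field.
PAGE_USERNAME = "admin' or '1'='1"
PAGE_PASSWORD = "dfsms"
# Constructed sample credential; a real application should store a password hash.
STORED_PASSWORD = "constructed-sample-password"


def make_db():
    """Build a throwaway database with one admin row (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin_users (username TEXT, password TEXT)")
    db.execute("INSERT INTO admin_users VALUES (?, ?)", ("admin", STORED_PASSWORD))
    return db


def login_concat(db, username, password):
    """Assumed vulnerable pattern: user input is pasted into the SQL text."""
    sql = ("SELECT username FROM admin_users WHERE username='" + username +
           "' AND password='" + password + "'")
    # With the advisory's input the WHERE clause becomes
    #   username='admin' or '1'='1' AND password='dfsms'
    # AND binds tighter than OR, so this reads as
    #   username='admin' OR ('1'='1' AND password='dfsms')
    # and the admin row matches regardless of the password.
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_bound(db, username, password):
    """Hardened pattern: input is passed as bound parameters, never as SQL."""
    row = db.execute(
        "SELECT username FROM admin_users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", login_concat(db, PAGE_USERNAME, PAGE_PASSWORD))
    print("bound       :", login_bound(db, PAGE_USERNAME, PAGE_PASSWORD))
    print("bound, valid:", login_bound(db, "admin", STORED_PASSWORD))
```

In PHP the same fix is a prepared statement with bound parameters (mysqli or PDO), ideally combined with password_hash() and password_verify() for the stored credential.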