CVE-2022-2672: SQL Injection
First published: Fri Aug 05 2022(Updated: )
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Garage Management System Project Garage Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-2672?
CVE-2022-2672 is a vulnerability found in the SourceCodester Garage Management System that allows for remote SQL injection attacks.
What is the severity of CVE-2022-2672?
CVE-2022-2672 has a severity rating of 8.8, which is classified as high.
How does CVE-2022-2672 affect Garage Management System?
CVE-2022-2672 affects Garage Management System by exploiting an unknown function in the file createUser.php, allowing for SQL injection attacks.
How can the SQL injection vulnerability in createUser.php be exploited?
The SQL injection vulnerability in createUser.php can be exploited by manipulating the userName or uemail parameter in a way that allows for unauthorized SQL queries to be executed.
Is CVE-2022-2672 fixable?
Yes, CVE-2022-2672 can be fixed by implementing proper input validation and sanitization in the affected createUser.php file.