First published: Fri Aug 05 2022(Updated: )
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Garage Management System Project Garage Management System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-2672 is a vulnerability found in the SourceCodester Garage Management System that allows for remote SQL injection attacks.
CVE-2022-2672 has a severity rating of 8.8, which is classified as high.
CVE-2022-2672 affects Garage Management System by exploiting an unknown function in the file createUser.php, allowing for SQL injection attacks.
The SQL injection vulnerability in createUser.php can be exploited by manipulating the userName or uemail parameter in a way that allows for unauthorized SQL queries to be executed.
Yes, CVE-2022-2672 can be fixed by implementing proper input validation and sanitization in the affected createUser.php file.