First published: Mon Aug 08 2022
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login with the input `123@xx.com' OR (SELECT 9084 FROM(SELECT COUNT(*),CONCAT(0x7178767871,(SELECT (ELT(9084=9084,1))),0x71767a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- dPvW` leads to SQL injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-205833 was assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gym Management System Project Gym Management System | | |
CVE-2022-2708 is a critical vulnerability found in SourceCodester Gym Management System.
CVE-2022-2708 affects an unknown part of the file login.php in SourceCodester Gym Management System.
The severity of CVE-2022-2708 is classified as critical with a severity value of 9.8.
CVE-2022-2708 can be exploited by manipulating the user_login argument with a specific input.
No specific fix is mentioned for CVE-2022-2708. It is recommended to stay updated with the latest version of SourceCodester Gym Management System.
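Since no fix is listed, a detection check is one practical control. The following is an added example, not code from the advisory or from the project: it flags login request bodies whose user_login value carries the structural markers of the input quoted in the description. It assumes the field arrives in a form-encoded body; the function names, indicator names and threshold are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlencode

# Structural markers of the input quoted in the advisory (case-insensitive).
INDICATORS = {
    "quote_then_boolean": re.compile(r"'\s*(?:OR|AND)\b", re.I),
    "subquery": re.compile(r"\(\s*SELECT\b", re.I),
    "floor_rand_group_by": re.compile(
        r"FLOOR\s*\(\s*RAND\s*\(.*?\bGROUP\s+BY\b", re.I | re.S),
    "information_schema": re.compile(r"\bINFORMATION_SCHEMA\b", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{6,}\b", re.I),
    "sql_comment": re.compile(r"--(?:\s|$)"),
}

def user_login_values(body):
    """URL-decode a form-encoded body and return every user_login value."""
    return parse_qs(body, keep_blank_values=True).get("user_login", [])

def triage(body, threshold=2):
    """Return matched indicator names; alert when at least `threshold` match.

    One marker alone is not treated as an alert, which keeps ordinary
    addresses that happen to contain a single odd token from firing.
    """
    hits = sorted({name
                   for value in user_login_values(body)
                   for name, rx in INDICATORS.items()
                   if rx.search(value)})
    return {"hits": hits, "alert": len(hits) >= threshold}

# Constructed sample bodies. ADVISORY_INPUT is copied from the description.
ADVISORY_INPUT = (
    "123@xx.com' OR (SELECT 9084 FROM(SELECT COUNT(*),"
    "CONCAT(0x7178767871,(SELECT (ELT(9084=9084,1))),0x71767a6271,"
    "FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- dPvW"
)
SAMPLE_FLAGGED = urlencode({"user_login": ADVISORY_INPUT})
SAMPLE_BENIGN = urlencode({"user_login": "member@example.com"})
SAMPLE_APOSTROPHE = urlencode({"user_login": "o'brien@example.com"})

if __name__ == "__main__":
    for body in (SAMPLE_FLAGGED, SAMPLE_BENIGN, SAMPLE_APOSTROPHE):
        print(triage(body))
```

Pattern matching of this kind supports alerting and log review; it does not replace binding user_login as a query parameter in the application.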