CVE-2022-3473: SourceCodester Human Resource Management System getstatecity.php sql injection
First published: Wed Oct 12 2022(Updated: )
A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sourcecodester Human Resource Management System | ||
| Sourcecodester Human Resource Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3473?
CVE-2022-3473 is classified as a critical vulnerability.
How do I fix CVE-2022-3473?
You can mitigate CVE-2022-3473 by properly sanitizing the ci parameter input in the getstatecity.php file to prevent SQL injection.
What type of vulnerability is CVE-2022-3473?
CVE-2022-3473 is a SQL injection vulnerability.
Can CVE-2022-3473 be exploited remotely?
Yes, CVE-2022-3473 can be exploited remotely.
Which software is affected by CVE-2022-3473?
CVE-2022-3473 affects the SourceCodester Human Resource Management System.
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/human resource management system project
- canonical/sourcecodester human resource management system
- vendor/oretnom23