CVE-2022-4088: SQL Injection
First published: Thu Nov 24 2022(Updated: )
A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Stock Management System Project Stock Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-4088?
CVE-2022-4088 is a critical vulnerability found in the rickxy Stock Management System, allowing remote SQL injection via the user/password argument in the /pages/processlogin.php file.
How severe is CVE-2022-4088?
CVE-2022-4088 has a severity rating of 9.8 (critical).
What is the affected software?
The affected software is the Stock Management System Project's Stock Management System.
How can I fix CVE-2022-4088?
To fix CVE-2022-4088, it is recommended to update the rickxy Stock Management System to a version that has patched the SQL injection vulnerability.
Where can I find more information about CVE-2022-4088?
You can find more information about CVE-2022-4088 on the GitHub issue tracker at https://github.com/rickxy/Stock-Management-System/issues/2 and on the VulDB entry at https://vuldb.com/?id.214322.