CVE-2022-40933: SQL Injection
First published: Thu Sep 22 2022(Updated: )
Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Online Pet Shop Web Application Project Online Pet Shop Web Application | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-40933?
The severity of CVE-2022-40933 is high with a CVSS score of 7.2.
How does CVE-2022-40933 affect the Online Pet Shop Web Application v1.0?
CVE-2022-40933 affects the Online Pet Shop Web Application v1.0 by allowing SQL injection via the /pet_shop/classes/Master.php?f=delete_order,id parameter.
How can I fix CVE-2022-40933 in the Online Pet Shop Web Application v1.0?
To fix CVE-2022-40933 in the Online Pet Shop Web Application v1.0, developers should implement proper input validation and parameterization to prevent SQL injection attacks.
What is SQL injection?
SQL injection is a code injection technique used by attackers to exploit vulnerabilities in a web application's database layer, allowing them to manipulate or retrieve sensitive data.
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2022-40933?
The Common Weakness Enumeration (CWE) ID associated with CVE-2022-40933 is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')).
- collector/nvd-index
- agent/weakness
- agent/type
- agent/description
- vendor/online pet shop web application project
- canonical/online pet shop web application project online pet shop web application
- version/online pet shop web application project online pet shop web application/1.0