Vulnerability Details CVE-2022-1839
A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.9%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 6.5
References
- https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_login_email_SQL_injection.md
- https://vuldb.com/?id.200584
- https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_login_email_SQL_injection.md
- https://vuldb.com/?id.200584
Products affected by CVE-2022-1839
-
Home Clean Services Management System Project » Home Clean Services Management System » Version: 1.0cpe:2.3:a:home_clean_services_management_system_project:home_clean_services_management_system:1.0