CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-26285

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.03

EPSS Ranking 86.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/Dir0x/Multiple-SQLi-in-Simple-Subscription-Company/blob/main/apply_sqli.py
https://github.com/Dir0x/Multiple-SQLi-in-Simple-Subscription-Company/blob/main/apply_sqli.py

Products affected by CVE-2022-26285

Simple Client Management System Project » Simple Client Management System » Version: 1.0

cpe:2.3:a:simple_client_management_system_project:simple_client_management_system:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26285

Products

Pricing

Contact Us