Vulnerability Details CVE-2022-30927
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/ykosan1/Simple-Task-Scheduling-System-id-SQL-Injection-Unauthenticated
- https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/tss.zip
- https://github.com/ykosan1/Simple-Task-Scheduling-System-id-SQL-Injection-Unauthenticated
- https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/tss.zip
Products affected by CVE-2022-30927
-
cpe:2.3:a:simple_task_scheduling_system_project:simple_task_scheduling_system:1.0