Vulnerability Details CVE-2022-37138
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/saitamang/POC-DUMP/blob/main/Loan%20Management%20System/README.md
- https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html
- https://github.com/saitamang/POC-DUMP/blob/main/Loan%20Management%20System/README.md
- https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html
Products affected by CVE-2022-37138
-
cpe:2.3:a:razormist:loan_management_system:1.0