Vulnerability Details CVE-2022-37794
In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/anx0ing/CVE_demo/blob/main/2022/Library%20Management%20System%20with%20QR%20code%20Attendance%20and%20Auto%20Generate%20Library%20Card%20-%20SQL%20injections.md
- https://github.com/anx0ing/CVE_demo/blob/main/2022/Library%20Management%20System%20with%20QR%20code%20Attendance%20and%20Auto%20Generate%20Library%20Card%20-%20SQL%20injections.md
Products affected by CVE-2022-37794
-
cpe:2.3:a:library_management_system_project:library_management_system:1.0