Vulnerability Details CVE-2022-1838
A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.0%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 6.5
References
- https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_admin_SQL_Inject.md
- https://vuldb.com/?id.200583
- https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_admin_SQL_Inject.md
- https://vuldb.com/?id.200583
Products affected by CVE-2022-1838
-
Home Clean Services Management System Project » Home Clean Services Management System » Version: 1.0cpe:2.3:a:home_clean_services_management_system_project:home_clean_services_management_system:1.0