Vulnerability Details CVE-2022-27927
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.136
EPSS Ranking 96.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html
- https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated
- https://www.sourcecodester.com/php/14822/microfinance-management-system.html
- http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html
- https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated
- https://www.sourcecodester.com/php/14822/microfinance-management-system.html
Products affected by CVE-2022-27927
-
cpe:2.3:a:microfinance_management_system_project:microfinance_management_system:1.0