CVE-2022-36193

critical

Description

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.

References

https://github.com/lahirudanushka/School-Management-System---PHP-MySQL

https://github.com/G37SYS73M/Advisory_G37SYS73M/blob/main/CVE-2022-36193/POC.md

Details

Source: Mitre, NVD

Published: 2022-11-28

Updated: 2024-10-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H