CVE-2022-2703 - OpenCVE

A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument exer leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205827.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Gym Management System Project	Gym Management System

Configuration 1 [-]

cpe:2.3:a:gym_management_system_project:gym_management_system:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/gdianq/Gym-Management-Exercises-Sqlinjection/blob/main/README.md	Exploit Third Party Advisory
https://vuldb.com/?id.205827	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-08-08T12:50:19

Updated: 2022-08-08T12:50:19

Reserved: 2022-08-07T00:00:00

Link: CVE-2022-2703

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-08T13:15:08.530

Modified: 2022-08-11T17:52:53.747

Link: CVE-2022-2703

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "Gym Management System", "vendor": "SourceCodester", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument exer leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205827."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-08T12:50:19", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/gdianq/Gym-Management-Exercises-Sqlinjection/blob/main/README.md"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.205827"}], "title": "SourceCodester Gym Management System Exercises Module sql injection", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-2703", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "SourceCodester Gym Management System Exercises Module sql injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Gym Management System", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "SourceCodester"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument exer leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205827."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "6.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://github.com/gdianq/Gym-Management-Exercises-Sqlinjection/blob/main/README.md", "refsource": "MISC", "url": "https://github.com/gdianq/Gym-Management-Exercises-Sqlinjection/blob/main/README.md"}, {"name": "https://vuldb.com/?id.205827", "refsource": "MISC", "url": "https://vuldb.com/?id.205827"}]}}}}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-2703", "datePublished": "2022-08-08T12:50:19", "dateReserved": "2022-08-07T00:00:00", "dateUpdated": "2022-08-08T12:50:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gym_management_system_project:gym_management_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "00059531-DBB0-4BEB-84D9-F5509B39529C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument exer leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205827."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en SourceCodester Gym Management System. Ha sido clasificada como cr\u00edtica. Afecta a una parte desconocida del componente Exercises Module. La manipulaci\u00f3n del argumento exer conlleva a una inyecci\u00f3n sql. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. El identificador asociado a esta vulnerabilidad es VDB-205827"}], "id": "CVE-2022-2703", "lastModified": "2022-08-11T17:52:53.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-08-08T13:15:08.530", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/gdianq/Gym-Management-Exercises-Sqlinjection/blob/main/README.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.205827"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}