A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated | Exploit Third Party Advisory |
https://www.sourcecodester.com/php/14822/microfinance-management-system.html | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-19T12:32:00
Updated: 2022-05-11T17:06:09
Reserved: 2022-03-25T00:00:00
Link: CVE-2022-27927
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-19T13:15:08.483
Modified: 2022-09-09T16:55:14.620
Link: CVE-2022-27927
JSON object: View
Redhat Information
No data.
CWE