CVE-2022-2018

Name of the Vulnerable Software and Affected Versions SourceCodester Prison Management System version 1.0

Description A critical vulnerability has been found in the SourceCodester Prison Management System. The issue is related to the manipulation of the id argument in the /admin/?page=inmates/view inmate endpoint of the Inmate Handler component. By providing a specific input, 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+, it leads to SQL injection. This vulnerability can be exploited remotely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /admin/?page=inmates/view inmate endpoint to minimize the risk of exploitation. Avoid using the id argument in the affected endpoint until the issue is resolved.