PT-2022-16725 · Unknown · Car Driving School Management System

Nu11Secur1Ty · Published 2022-02-28 · Updated 2022-03-08 · CVE-2022-24571

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Car Driving School Management System version 1.0

Description

The issue concerns SQL injection in the login page of the Car Driving School Management System. An attacker can exploit this by using a simple SQL login injection payload to gain admin access.

Recommendations

For Car Driving School Management System version 1.0, consider temporarily restricting access to the login page until a patch is available. As a mitigation measure, avoid using the login functionality with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2022-24571

Affected Products

Car Driving School Management System