PT-2022-3877 · Sourcecodester · Sourcecodester Garage Management System

Xiahao90

Published

2022-07-19

Updated

2022-07-27

CVE-2022-2468

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SourceCodester Garage Management System version 1.0

Description A critical issue affects the processing of the file /editbrand.php, where the manipulation of the id argument leads to SQL injection. This allows an attacker to execute arbitrary commands by sending specially crafted SQL queries. The attack can be initiated remotely.

Recommendations For SourceCodester Garage Management System version 1.0, consider disabling the /editbrand.php file or restricting access to it until a patch is available. Avoid using the id argument in the /editbrand.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2022-04682

CVE-2022-2468

Affected Products

Sourcecodester Garage Management System

PT-2022-3877 · Sourcecodester · Sourcecodester Garage Management System

CVE-2022-2468

Weakness Enumeration

Related Identifiers

Affected Products

References · 10