A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login with the input 123@xx.com' OR (SELECT 9084 FROM(SELECT COUNT(*),CONCAT(0x7178767871,(SELECT (ELT(9084=9084,1))),0x71767a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- dPvW leads to sql injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-205833 was assigned to this vulnerability.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://vuldb.com/?id.205833 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: VulDB
Published: 2022-08-08T12:50:48
Updated: 2024-08-03T00:46:03.862Z
Reserved: 2022-08-08T00:00:00
Link: CVE-2022-2708
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-08-08T13:15:08.830
Modified: 2022-08-12T16:04:02.630
Link: CVE-2022-2708
Redhat
No data.