CVE-2022-2666 – SourceCodester Loan Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2022-2666
A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/cxaqhq/Loan-Management-System-Sqlinjection https://vuldb.com/?ctiid.205618 https://vuldb.com/?id.205618 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-37138
https://notcve.org/view.php?id=CVE-2022-37138
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form. Loan Management System versión 1.0, es vulnerable a una inyección SQL en la página de inicio de sesión, lo que permite a usuarios no autorizados iniciar sesión como administrador tras inyectar el formulario de nombre de usuario • https://github.com/saitamang/POC-DUMP/blob/main/Loan%20Management%20System/README.md https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-37139
https://notcve.org/view.php?id=CVE-2022-37139
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Loan Management System versión 1.0 sufre una vulnerabilidad persistente de cross site scripting • https://github.com/saitamang/POC-DUMP/blob/main/Loan%20Management%20System/README.md https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •