CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2677 – SourceCodester Apartment Visitor Management System index.php sql injection
https://notcve.org/view.php?id=CVE-2022-2677
05 Aug 2022 — A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ' AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND 'htiy'='htiy leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/anx0ing/CVE_demo/blob/main/2022/Apartment%20Visitor%20Management%20System-SQL%20injections.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-38833
https://notcve.org/view.php?id=CVE-2021-38833
13 Sep 2021 — SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE. Una vulnerabilidad de inyección SQL en PHPGurukul Apartment Visitors Management System (AVMS) versión v.1.0, permite a atacantes ejecutar sentencias SQL arbitrarias y obtener un RCE • https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38833 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •