CVE-2022-1839
Home Clean Services Management System login.php sql injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.
Se ha encontrado una vulnerabilidad clasificada como crítica en Home Clean Services Management System versión 1.0. Esta vulnerabilidad afecta al archivo login.php. La manipulación del argumento email con el input admin%"/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/"frfq%"="frfq conlleva a una inyección sql. El ataque puede ser iniciado remotamente pero requiere autenticación. Los detalles de la explotación han sido divulgados al público
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-24 CVE Reserved
- 2022-05-24 CVE Published
- 2023-12-15 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.200584 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_login_email_SQL_injection.md | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Home Clean Services Management System Project Search vendor "Home Clean Services Management System Project" | Home Clean Services Management System Search vendor "Home Clean Services Management System Project" for product "Home Clean Services Management System" | 1.0 Search vendor "Home Clean Services Management System Project" for product "Home Clean Services Management System" and version "1.0" | - |
Affected
|