CVE-2022-3973
Pingkon HMS-PHP Data Pump Metadata admin.php sql injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213552.
Una vulnerabilidad ha sido encontrada en Pingkon HMS-PHP y clasificada como crítica. Una función desconocida del archivo /admin/admin.php del componente Data Pump Metadata es afectada por esta vulnerabilidad. La manipulación del argumento uname/pass conduce a la inyección de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-213552.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-13 CVE Reserved
- 2022-11-13 CVE Published
- 2024-06-05 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-707: Improper Neutralization
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.213552 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Pingkon/HMS-PHP/issues/1 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hms-php Project Search vendor "Hms-php Project" | Hms-php Search vendor "Hms-php Project" for product "Hms-php" | - | - |
Affected
| ||||||