Vulnerability Description
There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organization’s that make full use of the software suite.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Globalnorthstar | Northstar Club Management | 6.3 |
Related Weaknesses (CWE)
References
- https://assura.atlassian.net/wiki/spaces/VULNS/pages/1842675717/CVE-2022-26959+NExploitIssue TrackingThird Party Advisory
- https://www.assurainc.com/services/advisory-services/threat-vuln-assessment/Broken Link
- https://assura.atlassian.net/wiki/spaces/VULNS/pages/1842675717/CVE-2022-26959+NExploitIssue TrackingThird Party Advisory
- https://www.assurainc.com/services/advisory-services/threat-vuln-assessment/Broken Link
FAQ
What is CVE-2022-26959?
CVE-2022-26959 is a vulnerability with a CVSS score of 10.0 (CRITICAL). There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the proc...
How severe is CVE-2022-26959?
CVE-2022-26959 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-26959?
Check the references section above for vendor advisories and patch information. Affected products include: Globalnorthstar Northstar Club Management.