Vulnerability Description
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfinance Management System Project | Microfinance Management System | 1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SExploitThird Party AdvisoryVDB Entry
- https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-InjectioExploitThird Party Advisory
- https://www.sourcecodester.com/php/14822/microfinance-management-system.htmlProductThird Party Advisory
- http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SExploitThird Party AdvisoryVDB Entry
- https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-InjectioExploitThird Party Advisory
- https://www.sourcecodester.com/php/14822/microfinance-management-system.htmlProductThird Party Advisory
FAQ
What is CVE-2022-27927?
CVE-2022-27927 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vu...
How severe is CVE-2022-27927?
CVE-2022-27927 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-27927?
Check the references section above for vendor advisories and patch information. Affected products include: Microfinance Management System Project Microfinance Management System.