CVE-2022-29652 — MEDIUM (6.1)

Vulnerability Description

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Online Sports Complex Booking System Project	Online Sports Complex Booking System	1.0

Related Weaknesses (CWE)

CWE-89

References

https://github.com/playZG/Exploit-/blob/main/Online%20Sports%20Complex%20BookingExploitThird Party Advisory
https://packetstormsecurity.com/files/166641/Online-Sports-Complex-Booking-SysteExploitThird Party AdvisoryVDB Entry
https://github.com/playZG/Exploit-/blob/main/Online%20Sports%20Complex%20BookingExploitThird Party Advisory
https://packetstormsecurity.com/files/166641/Online-Sports-Complex-Booking-SysteExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2022-29652?

CVE-2022-29652 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.

How severe is CVE-2022-29652?

CVE-2022-29652 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29652?

Check the references section above for vendor advisories and patch information. Affected products include: Online Sports Complex Booking System Project Online Sports Complex Booking System.