Vulnerability Description
Loan Management System 1.0 is vulnerable to SQL injection at the login page, which allows unauthorized users to log in as Administrator by injecting into the username field of the login form.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Razormist | Loan Management System | 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/saitamang/POC-DUMP/blob/main/Loan%20Management%20System/READM (Exploit, Third Party Advisory)
- https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijq (Third Party Advisory)
FAQ
What is CVE-2022-37138?
CVE-2022-37138 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Loan Management System 1.0 is vulnerable to SQL injection at the login page, which allows unauthorized users to log in as Administrator by injecting into the username field of the login form.
How severe is CVE-2022-37138?
CVE-2022-37138 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-37138?
Check the references section above for vendor advisories and patch information. Affected products include: Razormist Loan Management System.