Directory Management System
CVE-2022-29006
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
AnalysisAI
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. Affected products include: Phpgurukul Directory Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Directory Management System
View allDirectory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in a
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in vie
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in
A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. Rated medium severi
A vulnerability was found in PHPGurukul Directory Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerab
A vulnerability was found in PHPGurukul Directory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerab
A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management
A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Rated medium severity
A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Rated medium sev
A vulnerability, which was classified as problematic, has been found in PHPGurukul Directory Management System 2.0. Rate
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today