Cyber Cafe Management System
CVE-2022-29009
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
AnalysisAI
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. Affected products include: Phpgurukul Cyber Cafe Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Cyber Cafe Management System
View allPhpgurukul Cyber Cafe Management System v1.0 has SQL injection in the username parameter of add-users.php. PoC available
SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arb
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminpr
A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. Rated me
A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. Rated mediu
Cyber Cafe Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 6.1).
Cyber Cafe Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 6.1).
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to injec
Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary cod
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arb
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. Rated medium severity (CVSS 5.3), th
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today