Expense Management System
CVE-2022-36754
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.
AnalysisAI
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. Affected products include: Oretnom23 Expense Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Expense Management System
View allAn issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploade
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store
A vulnerability was found in SourceCodester Expense Management System. Rated critical severity (CVSS 9.8), this vulnerab
A vulnerability was found in CodeAstro Expense Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerabili
Stored cross-site scripting in projectworlds Expense Management System 1.0 allows high-privileged authenticated users to
Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows authenticated users with high pr
Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows authenticated high-privilege use
Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows high-privileged authenticated us
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today