Skip to main content

Online Leave Management System CVE-2022-43179

HIGH
SQL Injection (CWE-89)
2022-11-17 cve@mitre.org
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 17, 2022 - 21:15 nvd
HIGH 7.2

DescriptionNVD

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=.

AnalysisAI

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=. Affected products include: Online Leave Management System Project Online Leave Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2022-45009 HIGH POC
7.2 Dec 07

Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/cl

CVE-2022-41379 HIGH POC
7.2 Oct 07

An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Managemen

CVE-2022-41355 HIGH POC
7.2 Oct 06

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /lea

CVE-2022-40928 HIGH POC
7.2 Sep 26

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_applica

CVE-2022-40927 HIGH POC
7.2 Sep 26

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designa

CVE-2022-40926 HIGH POC
7.2 Sep 26

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_t

CVE-2022-38304 HIGH POC
7.2 Sep 12

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /mai

CVE-2022-38303 HIGH POC
7.2 Sep 12

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /emp

CVE-2022-38302 HIGH POC
7.2 Sep 12

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /mai

CVE-2022-45008 MEDIUM POC
4.8 Dec 07

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the c

Share

CVE-2022-43179 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy