CVE-2022-2467
Published: 19 July 2022
Summary
CVE-2022-2467 is a high-severity SQL Injection (CWE-89) vulnerability in Garage Management System Project Garage Management System. Its CVSS base score is 7.3 (High).
Operationally, ranked in the top 1.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A SQL injection vulnerability exists in SourceCodester Garage Management System version 1.0 and is tracked as CVE-2022-2467. The flaw resides in the /login.php file and stems from improper handling of the username parameter, allowing an attacker to supply a crafted payload such as 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. The issue is assigned CWE-89 and carries a CVSS 3.1 base score of 7.3.
An unauthenticated remote attacker can exploit the weakness over the network to inject arbitrary SQL statements. Successful exploitation can result in limited impacts to confidentiality, integrity, and availability of the affected application and its underlying database.
Public references, including a detailed disclosure on GitHub and entries on Vuldb, confirm that the exploit has been made available but do not describe vendor patches or specific mitigation steps.
The associated EPSS score currently stands at 0.6964 with a recorded peak of 0.7192, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34727
Vulnerability details
A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND…
more
'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.