CVE-2022-28079
Published: 05 May 2022
Summary
CVE-2022-28079 is a high-severity SQL Injection (CWE-89) vulnerability in College Management System v1.0 (vendor: College Management System Project). Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
College Management System v1.0 contains a SQL injection vulnerability in the course_code parameter, classified under CWE-89. The flaw received a CVSS 3.1 score of 8.8, reflecting network-accessible exploitation with low attack complexity that allows an authenticated user to impact confidentiality, integrity, and availability.
An authenticated attacker with low privileges can supply crafted input through the affected parameter to execute arbitrary SQL commands. Successful exploitation grants the ability to read, modify, or delete database contents and can potentially escalate to full compromise of the application and its data.
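The weakness class described above, as an added illustration that is not code from College Management System (the project's actual language, schema and query are not given on this page and are not reproduced here): a lookup that splices a course_code value into the SQL text, next to the parameterized form and an allowlist check a maintainer would apply as defense in depth. The table, rows and function names are constructed for the example.

```python
import re
import sqlite3

# Constructed in-memory sample data; not the College Management System schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE courses (course_code TEXT, title TEXT, restricted INTEGER)"
    )
    conn.executemany(
        "INSERT INTO courses VALUES (?, ?, ?)",
        [
            ("CS101", "Intro to Computing", 0),
            ("CS999", "Internal Only", 1),  # should never be visible to students
        ],
    )
    return conn


def lookup_course_vulnerable(conn, course_code):
    # CWE-89 pattern: the untrusted parameter becomes part of the SQL text, so
    # quotes and operators in the value change the query's logic.
    sql = (
        "SELECT course_code, title FROM courses "
        f"WHERE restricted = 0 AND course_code = '{course_code}'"
    )
    return conn.execute(sql).fetchall()


def lookup_course_safe(conn, course_code):
    # Parameterized query: the driver binds the value; it is never parsed as SQL.
    sql = (
        "SELECT course_code, title FROM courses "
        "WHERE restricted = 0 AND course_code = ?"
    )
    return conn.execute(sql, (course_code,)).fetchall()


# Assumed course-code format (letters followed by digits); a real application
# would use whatever its own catalogue actually allows.
COURSE_CODE_RE = re.compile(r"^[A-Z]{2,4}[0-9]{3}$")


def is_valid_course_code(value):
    # Allowlist validation rejects structurally invalid input before it reaches
    # the database; it complements, and does not replace, parameter binding.
    return bool(COURSE_CODE_RE.fullmatch(value))


def lookup_course_hardened(conn, course_code):
    if not is_valid_course_code(course_code):
        return []
    return lookup_course_safe(conn, course_code)


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed test input, not a real request
    print("vulnerable:", lookup_course_vulnerable(db, crafted))  # leaks both rows
    print("parameterized:", lookup_course_safe(db, crafted))     # []
    print("hardened:", lookup_course_hardened(db, "CS101"))
```

With the crafted value the concatenated query's WHERE clause becomes `restricted = 0 AND course_code = '' OR '1'='1'`, which is true for every row, so the restricted course is returned; the bound-parameter version compares the literal string and returns nothing.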
Public references include exploit code and technical write-ups demonstrating the injection, along with a link to the original project source. The EPSS score rose from low values after the 2022 disclosure to a peak of 0.9043 in January 2025 before receding to the current 0.7295, indicating exploitation interest that emerged well after disclosure and warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-32564
Vulnerability details
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.
- CWE(s): CWE-89 (SQL Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.