CVE-2022-4015
Published: 16 November 2022
Summary
CVE-2022-4015 is a medium-severity Improper Neutralization (CWE-707) vulnerability in Sports Club Management System Project Sports Club Management System. Its CVSS base score is 4.7 (Medium).
Operationally, ranked in the top 45.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-51395
Vulnerability details
A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/make_payments.php. The manipulation of the argument m_id/plan leads to sql injection. It is possible to initiate the…
more
attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213789 was assigned to this vulnerability.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.
Enforces use of documented standards and tool configurations that address proper neutralization of inputs/outputs during development.
Validates query inputs to prevent SQL syntax or command manipulation.