CVE-2022-50805
Published: 13 January 2026
Summary
CVE-2022-50805 is a high-severity SQL Injection (CWE-89) vulnerability in Web (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
Senayan Library Management System version 9.0.0 is affected by CVE-2022-50805, a SQL injection vulnerability in the 'class' parameter. This flaw allows attackers to inject malicious SQL queries by submitting crafted payloads, enabling manipulation of database queries and potential extraction of sensitive information. The vulnerability is rated with a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) and is associated with CWE-89.
Unauthenticated attackers with network access can exploit this vulnerability remotely with low complexity and no user interaction required. Successful exploitation grants high-impact confidentiality by dumping sensitive data from the database, along with low-impact integrity effects through limited query modifications, but no availability disruption.
Advisories and resources, including a proof-of-concept on GitHub (https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.0.0/SQLi), the vendor site (https://slims.web.id/web/), an Exploit-DB entry (https://www.exploit-db.com/exploits/51161), and a Vulncheck advisory (https://www.vulncheck.com/advisories/senayan-library-management-system-sql-injection), provide details on the issue; security practitioners should review these for mitigation guidance and patch availability.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2640
Vulnerability details
Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive information.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote SQL injection in public-facing web app directly enables T1190 exploitation for data extraction from backend database via T1213.006.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents SQL injection attacks like CVE-2022-50805 by validating and sanitizing the 'class' parameter to block malicious SQL payloads.
Addresses the root cause of CVE-2022-50805 by identifying, reporting, and correcting the SQL injection flaw in the Senayan Library Management System.
Detects and remediates vulnerabilities such as the SQL injection in CVE-2022-50805 through regular scanning of the system and hosted applications.