Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
References
| Link | Resource |
|---|---|
| https://github.com/Dir0x/Multiple-SQLi-in-Simple-Subscription-Company/blob/main/apply_sqli.py | Broken Link Exploit Third Party Advisory |
| https://github.com/Dir0x/Multiple-SQLi-in-Simple-Subscription-Company/blob/main/apply_sqli.py | Broken Link Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:53
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Dir0x/Multiple-SQLi-in-Simple-Subscription-Company/blob/main/apply_sqli.py - Broken Link, Exploit, Third Party Advisory |
29 Mar 2022, 16:32
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-89 | |
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| References | (MISC) https://github.com/Dir0x/Multiple-SQLi-in-Simple-Subscription-Company/blob/main/apply_sqli.py - Broken Link, Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:simple_client_management_system_project:simple_client_management_system:1.0:*:*:*:*:*:*:* |
21 Mar 2022, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-21 23:15
Updated : 2024-11-21 06:53
NVD link : CVE-2022-26285
Mitre link : CVE-2022-26285
CVE.ORG link : CVE-2022-26285
JSON object : View
Products Affected
simple_client_management_system_project
- simple_client_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')