CVE-2022-30927

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT

Description

A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.

ykosan1/Simple-Task-Scheduling-System-id-SQL-Injection-Unauthenticated
ykosan1/Simple-Task-Scheduling-System-id-SQL-Injection-Unauthenticated
Badminton Center Management System allows SQL Injection via parameter 'id' in /tss/admin/categories/manage_category.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GitHubGitHub
1