guest_management_system_project guest_management_system sql命令中使用的特殊元素转义处理不恰当（sql注入）

admin

0
文章

0
评论

2023-11-30 06:26:03 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

guest_management_system_project guest_management_system sql命令中使用的特殊元素转义处理不恰当（sql注入）

CVE编号

CVE-2022-2812

利用情况

暂无

补丁情况

N/A

披露时间

2022-08-15

漏洞描述

A vulnerability classified as critical was found in SourceCodester Guest Management System. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-206398 is the identifier assigned to this vulnerability.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://s1.ax1x.com/2022/08/13/vtDVYD.png
https://vuldb.com/?id.206398

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	guest_management_system_project	guest_management_system	-	-
	运行在以下环境
	系统	fedora_35	trafficserver	*		Up to (excluding) 9.1.3-1.fc35
	运行在以下环境
	系统	fedora_36	trafficserver	*		Up to (excluding) 9.1.3-1.fc36
	运行在以下环境
	系统	fedora_EPEL_7	trafficserver	*		Up to (excluding) 9.1.3-1.el7
	运行在以下环境
	系统	fedora_EPEL_8	trafficserver	*		Up to (excluding) 9.1.3-1.el8
	运行在以下环境
	系统	fedora_EPEL_9	trafficserver	*		Up to (excluding) 9.1.3-1.el9