CVE-2022-40347

high-risk
Published 2023-02-17

SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.

Do I need to act?

~
5.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51274
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Intern Record System Project

References (8)

http://packetstormsecurity.com/files/171740/Intern-Record-System-1.0-SQL-Injecti...
Product https://code-projects.org/intern-record-system-in-php-with-source-code/
Product https://download-media.code-projects.org/2020/03/Intern_Record_System_In_PHP_Wit...
Exploit https://github.com/h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQ...
http://packetstormsecurity.com/files/171740/Intern-Record-System-1.0-SQL-Injecti...
Product https://code-projects.org/intern-record-system-in-php-with-source-code/
Product https://download-media.code-projects.org/2020/03/Intern_Record_System_In_PHP_Wit...
Exploit https://github.com/h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQ...
53
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 16/34 · Moderate
Exposure 5/34 · Minimal