CVE-2022-2467

HIGH NUCLEI

Garage Management System - SQL Injection

Title source: rule

Description

A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input [email protected]' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Nuclei Templates (1)

Garage Management System 1.0 - SQL Injection

CRITICALVERIFIEDby edoardottt

References (2)

[Exploit, Third Party Advisory] https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://vuldb.com/?id.204160

Scores

CVSS v3 7.3

EPSS 0.7192

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

garage_management_system_project/garage_management_system 1.0

Published Jul 19, 2022

Tracked Since Feb 18, 2026