CVE-2022-28079

HIGH EXPLOITED NUCLEI

College Management System 1.0 - SQL Injection via course_code Parameter

Title source: llm

Exploitation Summary

CVE-2022-28079 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Eren Gozaydin, erengozaydin. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an authenticated SQL injection vulnerability in College Management System 1.0 via the 'course_code' parameter. It includes a proof-of-concept payload and instructions for using SQLmap to exploit the vulnerability.

Description

College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.

Exploits (2)

exploitdb WORKING POC

by Eren Gozaydin · textwebappsphp

https://www.exploit-db.com/exploits/50933

View Code ZIP pw:eip

This exploit demonstrates an authenticated SQL injection vulnerability in College Management System 1.0 via the 'course_code' parameter. It includes a proof-of-concept payload and instructions for using SQLmap to exploit the vulnerability.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: College Management System 1.0

Auth required

Prerequisites: Authenticated access to the application · Burpsuite or similar tool to intercept requests

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by erengozaydin · poc

https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated

View Code ZIP pw:eip

This repository provides a writeup and proof-of-concept for an authenticated SQL injection vulnerability in College Management System 1.0 via the 'course_code' parameter. It includes a Burp Suite request and SQLmap usage for exploitation.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: College Management System 1.0

Auth required

Prerequisites: Authenticated access to the application · Burp Suite or similar intercepting proxy · SQLmap for automated exploitation

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

College Management System 1.0 - SQL Injection

HIGHVERIFIEDby ritikchaddha

References (4)

Core 4

Core References

Product, Third Party Advisory x_refsource_misc

https://code-projects.org/college-management-system-in-php-with-source-code/

Exploit, Third Party Advisory x_refsource_misc

https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated

Not Applicable x_refsource_misc

https://www.nu11secur1ty.com/2022/05/cve-2022-28079.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/167131/College-Management-System-1.0-SQL-Injection.html

Scores

CVSS v3 8.8

EPSS 0.7295

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-11-13

CWE

CWE-89

Status published

Products (1)

college_management_system_project/college_management_system 1.0

Published May 05, 2022

Tracked Since Feb 18, 2026