CVE-2022-30927
CRITICALSimple Task Scheduling System 1.0 - SQL Injection
Title source: llmDescription
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.
References (3)
Core 3
Core References
Product x_refsource_misc
https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html
Product x_refsource_misc
https://www.sourcecodester.com/sites/default/files/download/oretnom23/tss.zip
Exploit, Third Party Advisory x_refsource_misc
https://github.com/ykosan1/Simple-Task-Scheduling-System-id-SQL-Injection-Unauthenticated
Scores
CVSS v3
9.8
EPSS
0.0138
EPSS Percentile
69.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
simple_task_scheduling_system_project/simple_task_scheduling_system
1.0
Published
Jun 06, 2022
Tracked Since
Feb 18, 2026