CVE-2022-3495

HIGH

Simple Online Public Access Catalog - SQL Injection

Title source: rule

Description

A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784.

References (2)

[Exploit, Third Party Advisory] https://github.com/Hakcoder/Simple-Online-Public-Access-Catalog-OPAC---SQL-injection/blob/main/POC

View Exploit ZIP pw:eip

[Permissions Required, Third Party Advisory] https://vuldb.com/?id.210784

Scores

CVSS v3 7.3

EPSS 0.0033

EPSS Percentile 55.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89 CWE-707

Status published

Products (1)

simple_online_public_access_catalog_project/simple_online_public_access_catalog 1.0

Published Oct 14, 2022

Tracked Since Feb 18, 2026