CVE-2022-36193

CRITICAL

School Management System 1.0 - SQL Injection

Title source: llm

Description

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.

Exploits (1)

nomisec SUSPICIOUS

by G37SYS73M · poc

https://github.com/G37SYS73M/CVE-2022-36193

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/G37SYS73M/Advisory_G37SYS73M/blob/main/CVE-2022-36193/POC.md

[Product] https://github.com/lahirudanushka/School-Management-System---PHP-MySQL

Scores

CVSS v3 9.8

EPSS 0.0199

EPSS Percentile 83.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

lahirudanushka/school_management_system 1.0

Published Nov 28, 2022

Tracked Since Feb 18, 2026