CVE-2022-37138

CRITICAL

Loan Management System 1.0 - Unauthenticated SQL Injection via Login Username Parameter

Title source: llm
STIX 2.1

Description

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form.

Scores

CVSS v3 9.8
EPSS 0.0095
EPSS Percentile 57.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
razormist/loan_management_system 1.0
Published Sep 14, 2022
Tracked Since Feb 18, 2026