CVE-2022-40032
CRITICAL NUCLEI
Simple Task Managing System 1.0 - SQL Injection via login.php Username and Password Parameters
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2022-40032. PoCs published by Hamdi Sevben, h4md153v63n. A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit demonstrates an unauthenticated SQL injection vulnerability in Simple Task Managing System v1.0 via the 'login' and 'password' parameters in loginValidation.php. It includes SQLmap commands and manual payloads to extract database information.
Description
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
Exploits (2)
This exploit demonstrates an unauthenticated SQL injection vulnerability in Simple Task Managing System v1.0 via the 'login' and 'password' parameters in loginValidation.php. It includes SQLmap commands and manual payloads to extract database information.
This repository provides a detailed technical analysis of CVE-2022-40032, an unauthenticated SQL injection vulnerability in Simple Task Managing System 1.0. It includes SQLmap commands, example payloads, and Burp Suite requests demonstrating exploitation via the 'login' and 'password' parameters.
Nuclei Templates (1)
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H