CVE-2022-1078 HIGH

CVE-2022-1078: SourceCodester College Website Management System sql injection

Vendor Sourcecodester
Product College Website Management System
Weakness CWE-89 · SQLi
Published March 29, 2022
Last update April 15, 2025

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication.

Key dates

02Disclosure timeline

March 29, 2022 CVE published
April 15, 2025 Record updated