CVE-2022-27927

Description

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.

NVD
Severity: CRITICAL
CVE ID: CVE-2022-27927
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2022-27927

Refrence: Project Discovery GitHub

erengozaydin

CVE-2022-27927

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept