CVE-2022-48149 - Ahmed Mehsania - Medium
Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
All details about CVE-2022-48149
Software: Sourcecodester’s Online Student Admission System.
Software Link: https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html
Vulnerability Type: SQL Injection
Affected Component: Admin Login form
Impact Escalation of Privileges: true
Attack Type: Remote
Vendor of Product: Sourcecodester
Description: A SQL injection attack occurs when unintended data enters a program from an untrusted source. The vulnerability exists in the login form of Sourcecodester’s Online Student Admission System. Entering the SQL injection string admin' OR 1=1 -- -- in the username field logs us in to the admin account without entering valid credentials.
Impact: This vulnerability allows an attacker to gain unauthorized access to the admin account.
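The login check described above, next to a hardened form, as an added example that is not taken from the application's source. The table, column names, function names and sample password are constructed, and an in-memory SQLite database (PHP's pdo_sqlite extension) stands in for the application's MySQL database.

```php
<?php
// Added example. Table, columns and credentials are constructed for the demo;
// this is not the application's own code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT, pw_sha256 TEXT, pw_hash TEXT)');
$pw = 'constructed-sample-password';
$db->prepare('INSERT INTO admin VALUES (?, ?, ?)')
   ->execute(['admin', hash('sha256', $pw), password_hash($pw, PASSWORD_DEFAULT)]);

// Vulnerable pattern: the username is pasted into the SQL text, so a quote in
// it ends the string literal and the rest of the input is parsed as SQL.
function login_vulnerable(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT 1 FROM admin WHERE username = '$user' AND pw_sha256 = '"
         . hash('sha256', $pass) . "'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the username is a bound parameter (data, never SQL) and
// the password is checked in PHP against a password_hash() value.
function login_hardened(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM admin WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Run the same three inputs through both checks and print the outcome.
$cases = [
    'valid credentials'      => ['admin', $pw],
    'wrong password'         => ['admin', 'wrong'],
    'payload from this page' => ["admin' OR 1=1 -- --", 'anything'],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-24s vulnerable=%-5s hardened=%s\n", $label,
        var_export(login_vulnerable($db, $u, $p), true),
        var_export(login_hardened($db, $u, $p), true));
}
```

With the bound parameter, the whole input string is compared against the username column as a literal, so the quote and comment marker no longer change the query's structure.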