Critical SQL Injection Vulnerability in Home Clean Services Management System 1.0

Critical SQL Injection Vulnerability in Home Clean Services Management System 1.0

CVE-2022-1838 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.