SQL Injection Vulnerability in Microfinance Management System 1.0 with MySQL Database

SQL Injection Vulnerability in Microfinance Management System 1.0 with MySQL Database

CVE-2022-27927 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.