CVE-2022-2673

A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?id.205657	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rigatur:online_booking_and_hotel_management_system:-:*:*:*:*:*:*:*

History

11 Aug 2022, 19:03

Type	Values Removed	Values Added
CPE		cpe:2.3:a:rigatur:online_booking_and_hotel_management_system:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~(MISC) https://vuldb.com/?id.205657 -~~	(MISC) https://vuldb.com/?id.205657 - Third Party Advisory
First Time		Rigatur Rigatur online Booking And Hotel Management System

05 Aug 2022, 12:52

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-05 12:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-2673

Mitre link : CVE-2022-2673

CVE.ORG link : CVE-2022-2673

JSON object : View

Products Affected

rigatur

online_booking_and_hotel_management_system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2022-2673", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2022-08-05T12:15:08.343", "references": [{"url": "https://vuldb.com/?id.205657", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en Rigatur Online Booking and Hotel Management System versi\u00f3n aff6409. Ha sido declarada como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo login.php del componente POST Request Handler. La manipulaci\u00f3n del argumento email/pass conlleva a una inyecci\u00f3n sql. El ataque puede ser lanzado remotamente. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. El identificador VDB-205657 fue asignado a esta vulnerabilidad"}], "lastModified": "2022-08-11T19:03:52.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rigatur:online_booking_and_hotel_management_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A07BA6E-FAAD-4FC6-9515-7C0474D5B763"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}