CVE-2022-37185

{"id": "CVE-2022-37185", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-09-06T20:15:09.060", "references": [{"url": "http://eme1.obec.go.th", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://eme1.obec.go.th/~eme62/repschoolproj.php?claster=school&idarea=648", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235480", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}, {"url": "https://github.com/00xdF/emes/blob/main/readme.md", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de inyecci\u00f3n SQL en la interfaz de consulta de informaci\u00f3n escolar (repschoolproj.php) del sistema EMS versi\u00f3n 6.2 de la Oficina de la Comisi\u00f3n de Educaci\u00f3n B\u00e1sica de Tailandia, que puede conllevar a un filtrado de datos."}], "lastModified": "2022-09-09T16:05:39.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ems_project:ems:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "419BBAFF-4B97-46F4-8E13-867E27E2FC11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}