CVE-2022-2673 - Vulnerability Details - OpenCVE

A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Rigatur	Online Booking And Hotel Management System

Configuration 1 [-]

cpe:2.3:a:rigatur:online_booking_and_hotel_management_system:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://vuldb.com/?id.205657

History

Wed, 16 Apr 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-08-05T11:40:42.000Z

Updated: 2025-04-15T14:00:20.190Z

Reserved: 2022-08-05T00:00:00.000Z

Link: CVE-2022-2673

Vulnrichment

Updated: 2024-08-03T00:46:03.669Z

NVD

Status : Modified

Published: 2022-08-05T12:15:08.343

Modified: 2024-11-21T07:01:29.263

Link: CVE-2022-2673

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Online Booking and Hotel Management System", "vendor": "Rigatur", "versions": [{"status": "affected", "version": "aff6409"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-05T11:40:42.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.205657"}], "title": "Rigatur Online Booking and Hotel Management System POST Request login.php sql injection", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-2673", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "Rigatur Online Booking and Hotel Management System POST Request login.php sql injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Online Booking and Hotel Management System", "version": {"version_data": [{"version_value": "aff6409"}]}}]}, "vendor_name": "Rigatur"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "6.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://vuldb.com/?id.205657", "refsource": "MISC", "url": "https://vuldb.com/?id.205657"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:03.669Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.205657"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T17:12:01.524131Z", "id": "CVE-2022-2673", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T14:00:20.190Z"}}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-2673", "datePublished": "2022-08-05T11:40:42.000Z", "dateReserved": "2022-08-05T00:00:00.000Z", "dateUpdated": "2025-04-15T14:00:20.190Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.205657", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:03.669Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2673", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T17:12:01.524131Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T17:12:03.492Z"}}], "cna": {"title": "Rigatur Online Booking and Hotel Management System POST Request login.php sql injection", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Rigatur", "product": "Online Booking and Hotel Management System", "versions": [{"status": "affected", "version": "aff6409"}]}], "references": [{"url": "https://vuldb.com/?id.205657", "tags": ["x_refsource_MISC"]}], "x_generator": "vuldb.com", "descriptions": [{"lang": "en", "value": "A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-08-05T11:40:42.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.1", "baseScore": "6.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "aff6409"}]}, "product_name": "Online Booking and Hotel Management System"}]}, "vendor_name": "Rigatur"}]}}, "data_type": "CVE", "generator": "vuldb.com", "references": {"reference_data": [{"url": "https://vuldb.com/?id.205657", "name": "https://vuldb.com/?id.205657", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-2673", "STATE": "PUBLIC", "TITLE": "Rigatur Online Booking and Hotel Management System POST Request login.php sql injection", "ASSIGNER": "cna@vuldb.com", "REQUESTER": "cna@vuldb.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-2673", "state": "PUBLISHED", "dateUpdated": "2025-04-15T14:00:20.190Z", "dateReserved": "2022-08-05T00:00:00.000Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2022-08-05T11:40:42.000Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rigatur:online_booking_and_hotel_management_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A07BA6E-FAAD-4FC6-9515-7C0474D5B763", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en Rigatur Online Booking and Hotel Management System versi\u00f3n aff6409. Ha sido declarada como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo login.php del componente POST Request Handler. La manipulaci\u00f3n del argumento email/pass conlleva a una inyecci\u00f3n sql. El ataque puede ser lanzado remotamente. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. El identificador VDB-205657 fue asignado a esta vulnerabilidad"}], "id": "CVE-2022-2673", "lastModified": "2024-11-21T07:01:29.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-05T12:15:08.343", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.205657"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.205657"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Secondary"}]}