📚 CVE-2022-2680 | SourceCodester Church Management System 1.0 /login.php username sql injection

A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL leads to sql injection. This vulnerability is traded as CVE-2022-2680. It is possible to launch the attack remotely. Furthermore, there is an exploit available. ...