CVE-2022-50805
Unknown Unknown - Not Provided
SQL Injection in Senayan LMS 9.0.0 Allows Data Exposure

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50805
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
slims.web.id senayan_library_management_system 9.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-50805 is a high-severity SQL injection vulnerability in Senayan Library Management System (SLiMS) version 9.0.0. It exists in the 'class' parameter, which does not properly sanitize input, allowing attackers to inject malicious SQL queries. By submitting specially crafted payloads through this parameter, attackers can manipulate database queries, potentially extracting sensitive information or executing unauthorized commands. [2, 4]

Impact Analysis

This vulnerability can allow attackers to perform blind SQL injection attacks, leading to unauthorized extraction of sensitive information from the database. It may also enable remote code execution or further compromise of the system. Since the attack requires no privileges or user interaction and can be performed remotely over the network, it poses a significant risk to the confidentiality and integrity of the affected system's data. [2, 4]

Detection Guidance

This vulnerability can be detected by sending crafted GET requests to the vulnerable endpoint of SLiMS 9.0.0, specifically targeting the 'class' parameter with SQL injection payloads. For example, a boolean-based blind SQL injection payload using MySQL's RLIKE operator can be used to test the vulnerability. A sample payload is: reportView=true&year=2002&class=bbbb''' RLIKE (SELECT (CASE WHEN (2547=2547) THEN 0x626262622727 ELSE 0x28 END)) AND 'dLjf'='dLjf&membershipType=a&collType=aaaa. You can use curl or similar tools to send such requests and observe the responses for signs of SQL injection. Additionally, monitoring network traffic for unusual outbound connections triggered by injected payloads (such as attempts to load files from external UNC paths) can help detect exploitation attempts. [4]

Mitigation Strategies

Immediate mitigation steps include: 1) Applying any available patches or updates from the Senayan Library Management System vendor that address this SQL injection vulnerability. 2) If patches are not available, implement input validation and sanitization on the 'class' parameter to prevent injection of malicious SQL code. 3) Employ web application firewalls (WAFs) to detect and block SQL injection attempts targeting the vulnerable parameter. 4) Restrict database permissions to limit the impact of any successful injection. 5) Monitor logs and network traffic for suspicious activity related to this vulnerability. 6) Consider temporarily disabling or restricting access to the vulnerable functionality until a permanent fix is applied. [4, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50805. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart