CVE-2022-2706

Name: CVE-2022-2706
Creator: NVD / NIST
Published: 2022-08-08T13:15:08.707+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 0.61%

Last modified Jun 17, 2026

CVE-2022-2706 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. EPSS estimates a 0.61% chance of exploitation in the next 30 days.

Description

A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.61%

44.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-89

Affected Software

Vendor	Product	Versions
Fabian	Online Class And Exam Scheduling System	1.0

References

https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.mdExploit, Third Party Advisory
https://vuldb.com/?id.205830Permissions Required, Third Party Advisory
https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.mdExploit, Third Party Advisory
https://vuldb.com/?id.205830Permissions Required, Third Party Advisory

Timeline

Published: Aug 8, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-2706?

How severe is CVE-2022-2706?

CVE-2022-2706 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.61% probability of exploitation in the next 30 days.

How do I fix CVE-2022-2706?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-2706?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST