CVE-2022-2807 (GCVE-0-2022-2807)
Vulnerability from cvelistv5 – Published: 2022-12-12 01:50 – Updated: 2026-05-20 06:55
VLAI
EPSS
VEX
Title
SQL Injection in Prens Student Information System
Summary
SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.
This issue affects Prens Student Information System: before 2.1.11.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-22-0708 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Algan Software | Prens Student Information System |
Affected:
0 , < 2.1.11
(custom)
|
Date Public
2022-11-24 21:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-22-0708"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T18:05:04.510865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:05:13.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prens Student Information System",
"vendor": "Algan Software",
"versions": [
{
"lessThan": "2.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-24T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.\u003cp\u003eThis issue affects Prens Student Information System: before 2.1.11.\u003c/p\u003e"
}
],
"value": "SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.\n\nThis issue affects Prens Student Information System: before 2.1.11."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T06:55:31.025Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-22-0708"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-22-0708"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nAlgan Software Prens Student Information System should be updated to \u0026gt;= 2.1.11.\n\n\u003c/p\u003e"
}
],
"value": "Algan Software Prens Student Information System should be updated to \u003e= 2.1.11."
}
],
"source": {
"advisory": "TR-22-0708",
"defect": [
"TR-22-0708"
],
"discovery": "EXTERNAL"
},
"title": "SQL Injection in Prens Student Information System",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-2807",
"datePublished": "2022-12-12T01:50:00.293Z",
"dateReserved": "2022-08-12T00:00:00.000Z",
"dateUpdated": "2026-05-20T06:55:31.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-2807",
"date": "2026-07-11",
"epss": "0.0062",
"percentile": "0.45569"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-2807\",\"sourceIdentifier\":\"iletisim@usom.gov.tr\",\"published\":\"2022-12-02T12:15:09.797\",\"lastModified\":\"2026-06-17T04:42:37.273\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.\\n\\nThis issue affects Prens Student Information System: before 2.1.11.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en Algan Software Prens Student Information System permite la inyecci\u00f3n SQL. Este problema afecta a Prens Student Information System: anterior a 2.1.11.\"}],\"affected\":[{\"source\":\"iletisim@usom.gov.tr\",\"affectedData\":[{\"vendor\":\"Algan Software\",\"product\":\"Prens Student Information System\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"2.1.11\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"iletisim@usom.gov.tr\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-04-22T18:05:04.510865Z\",\"id\":\"CVE-2022-2807\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"iletisim@usom.gov.tr\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:algan:prens_student_information_system:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1.11\",\"matchCriteriaId\":\"120C62AE-D526-4B46-91BB-3A6B25F5BC0E\"}]}]}],\"references\":[{\"url\":\"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-22-0708\",\"source\":\"iletisim@usom.gov.tr\"},{\"url\":\"https://www.usom.gov.tr/bildirim/tr-22-0708\",\"source\":\"iletisim@usom.gov.tr\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.usom.gov.tr/bildirim/tr-22-0708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2026-05-20T07:57:33+00:00",
"cve": "CVE-2022-2807",
"id": "CVE-2022-2807",
"initial_release_date": "2022-11-24T21:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "SQL Injection in Prens Student Information System",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2807.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.usom.gov.tr/bildirim/tr-22-0708\", \"tags\": [\"government-resource\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:52:59.323Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-2807\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T18:05:04.510865Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T18:05:09.375Z\"}}], \"cna\": {\"title\": \"SQL Injection in Prens Student Information System\", \"source\": {\"defect\": [\"TR-22-0708\"], \"advisory\": \"TR-22-0708\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-66\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-66 SQL Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Algan Software\", \"product\": \"Prens Student Information System\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.1.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Algan Software Prens Student Information System should be updated to \u003e= 2.1.11.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\\n\\nAlgan Software Prens Student Information System should be updated to \u0026gt;= 2.1.11.\\n\\n\u003c/p\u003e\", \"base64\": false}]}], \"datePublic\": \"2022-11-24T21:00:00.000Z\", \"references\": [{\"url\": \"https://www.usom.gov.tr/bildirim/tr-22-0708\", \"tags\": [\"government-resource\", \"broken-link\"]}, {\"url\": \"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-22-0708\", \"tags\": [\"government-resource\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.\\n\\nThis issue affects Prens Student Information System: before 2.1.11.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.\u003cp\u003eThis issue affects Prens Student Information System: before 2.1.11.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"ca940d4e-fea4-4aa2-9a58-591a58b1ce21\", \"shortName\": \"TR-CERT\", \"dateUpdated\": \"2026-05-20T06:55:31.025Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-2807\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-20T06:55:31.025Z\", \"dateReserved\": \"2022-08-12T00:00:00.000Z\", \"assignerOrgId\": \"ca940d4e-fea4-4aa2-9a58-591a58b1ce21\", \"datePublished\": \"2022-12-12T01:50:00.293Z\", \"assignerShortName\": \"TR-CERT\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…