cvedb.io
CVE-2022-26959
CRITICAL · CVSS 10
EPSS exploitation probability: 0%
Published 2022-09-16T02:15:08.987 · Last modified 2026-06-17T04:36:13.623

Summary

There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organization’s that make full use of the software suite.

Affected products

globalnorthstar — northstar_club_management

Does this affect you?

Add your gear to cvedb and we'll alert you only when globalnorthstar ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.