Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-4221: ONEKEY identifies a command injection bug in the M25 NAS from Asus. Read the latest Security Advisory here👆

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.

CVE
Open in Source
#sql#vulnerability#web#java#php#asus#auth#zero_day
CVE-2022-4248

A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability.

CVE-2022-4247

A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624.

CVE-2022-44296: bug_report/SQLi-2.md at main · Distance10086/bug_report

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.

CVE-2022-44295: bug_report/SQLi-1.md at main · Distance10086/bug_report

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.

CVE-2022-44294: bug_report/SQLi-3.md at main · Distance10086/bug_report

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.

CVE-2022-44151: bug_report/SQLi-1.md at main · li-baige/bug_report

Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.

CVE-2022-4222

A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523.

CVE-2022-44097: Book Store Management System— Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access · Issue #2 · upasvi/CVE-

Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

CVE-2022-44096: Sanitization Management System — Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access · Issue #1 · upasvi/CVE-

Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.