Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-30463: automotive/sql.md at main · mikeccltt/automotive

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.

CVE
Open in Source
#sql#vulnerability#windows#js#java#php#firefox
CVE-2022-30459: chatbot/sql.md at main · mikeccltt/chatbot

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id.

CVE-2022-30461: wbms_bug_report/sql.md at main · mikeccltt/wbms_bug_report

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id

CVE-2022-30454: bug_report/SQL-1.md at main · mikeccltt/bug_report

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.

CVE-2022-1840: webray.com.cn/Home Clean Services Management System Stored Cross-Site Scripting(XSS).md at main · Xor-Gerke/webray.com.cn

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public.

CVE-2022-1839: webray.com.cn/HCS_login_email_SQL_injection.md at main · Xor-Gerke/webray.com.cn

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.

CVE-2022-1838

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.

CVE-2022-1837: webray.com.cn/HCS_add_register.php_File_Upload_Getshell.md at main · Xor-Gerke/webray.com.cn

A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public.