CVE-2022-44378 - Exploiting SQL Injection in Automotive Shop Management System v1. via /asms/classes/Master.php?f=delete_mechanic
In November 2022, a critical SQL injection vulnerability was discovered in the Automotive Shop Management System v1.. Tracked as CVE-2022-44378, this flaw exists in the
CVE-2022-24037 Infraskope Security Event Manager has an unauthenticated access, which could be exploited by an attacker.
Therefore, users should be careful when using the unauthenticated access. If you want to exploit this vulnerability, you need to send an email to the
CVE-2022-39180 - How an SQL Injection Weakness in College Management System v1. Exposes Your Application
CVE-2022-39180 is a critical vulnerability discovered in the College Management System v1.. This bug relates to a classic but still dangerous web application weakness: SQL
CVE-2022-43506 In Delta Electronics DIAEnergie v1.9.02.001, SQL Injection can be done via Network.
communication. This can be leveraged to control the functionality of the device and obtain sensitive information. Delta Electronics DIAEnergie version 1.9.02.001 and
CVE-2022-39179 College Management System v1.0 - Authenticated remote code execution
This is how the server serves .php files:
In the student.php file, in order to bypass the filters, there is a SQL Injection that
Episode
00:00:00
00:00:00