CVE-2022-42250 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
An attacker can send a special SQL query to obtain sensitive information such as users’ names, email addresses, or other information.
The application does not
CVE-2022-42249 The Cold Storage Management System v1.0 is vulnerable to SQL injection. /csms/admin/storages/view_storage.php?id=
An attacker can inject malicious script code via the value of the storage_id parameter to execute arbitrary SQL commands. In addition, the /csms/admin/
CVE-2022-42243 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
This can be exploited to execute arbitrary SQL commands. It is common practice to sanitize application input to reduce the risk of SQL injection. However,
CVE-2022-42242 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
When deleting a booking, the form allows users to enter any value they want into the ‘Booking ID’ field. An attacker can exploit this by
CVE-2022-42241 The system is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message.
A user can inject any SQL command they want to delete all messages from the messaging system. The script was last updated on March 28,