CVE-2022-38265 The Apartment Visitor Management System v1.0 had a SQL injection vulnerability.
When editing an apartment, an attacker could inject arbitrary SQL commands into the parameter value to cause the system to crash, delete critical data, or
CVE-2022-38267 Activity updates with SMS notification v1.0 had a SQL injection vulnerability.
An attacker can exploit this flaw to access or edit any database record of the affected application and cause significant disruption to its operations. Depending
CVE-2022-38268 An SQL injection vulnerability was found in the School Activity Updates with SMS Notification v1.0 component.
2018-06-26: This version was updated to version 1.2.2, fixing the SQL injection vulnerability. The researcher who discovered this vulnerability states that the module
CVE-2022-38260 The Interview Management System v1.0 had a SQL injection vulnerability.
A remote user or attacker can inject arbitrary SQL commands to the system, and the system will execute the command. If SQL injection is not
CVE-2022-38255 The interview management system v1.0 had a SQL injection vulnerability via the id parameter.
If the id parameter is supplied with an arbitrary value, an attacker can access the full db_query() value, thus gaining access to the underlying
Episode
00:00:00
00:00:00