CVE-2022-3012 An issue was found in oretnom23 Fast Food Ordering System. Manipulating the date argument of the file ffos/admin/reports/index.php leads to SQL injection.
oretnom23 Fast Food Ordering System has an input filter that sanitizes user-supplied data prior to processing. Unfortunately, input validation fails to cover all possible cases.
CVE-2022-36543 The application's id parameter was vulnerable to SQL injection.
If users input anything other than id= followed by a character, they could inject arbitrary SQL code and grant access to their own account. This
CVE-2022-36545 The id parameter at /patient/settings.php was discovered to be vulnerable to SQL injection.
A hacker can exploit this weakness to execute arbitrary SQL commands, bypassing security restrictions. Note that this vulnerability is often exploited through social engineering and
CVE-2022-36544 The EDoc-doctor-appointment-system v1.0.1 had a SQL injection vulnerability.
A remote attacker able to access the vulnerable application via frontend could leverage the SQL injection flaw to execute arbitrary SQL commands.
Moreover, it was
CVE-2022-36529 Kensey CMS v1.0 had multiple SQL injection vulnerabilities via the name and oldname parameters.
A user with the ‘admin’ role could inject SQL code and execute it to cause a denial-of-service condition that would eventually lead to the database