CVE-2022-1079

A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to to cross site scripting. It is possible to launch the attack remotely.

Source: CVE-2022-1079

CVE-2022-1075

A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication.

Source: CVE-2022-1075

CVE-2022-1081

A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file /mims/app/addcustomerHandler.php. The manipulation of the argument first_name, middle_name, and surname leads to cross site scripting. The attack can be initiated remotely.

Source: CVE-2022-1081

CVE-2022-1083

A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ‘ and (select * from(select(sleep(10)))Avx) and ‘abc’ = ‘abc leads to sql injection in multiple files. It is possible to launch the attack remotely.

Source: CVE-2022-1083

CVE-2022-1077

A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.

Source: CVE-2022-1077

CVE-2022-1080

A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely.

Source: CVE-2022-1080

CVE-2022-1078

A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ‘ and (select * from(select(sleep(10)))Avx) and ‘abc’ = ‘abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication.

Source: CVE-2022-1078

CVE-2022-1072

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26254. Reason: This candidate is a reservation duplicate of CVE-2022-26254. Notes: All CVE users should reference CVE-2022-26254 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2022-1072

CVE-2022-23937

In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.

Source: CVE-2022-23937

CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object’s version or history tab will be attacked.

Source: CVE-2022-24957