CVE-2022-29987
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=.
Source: CVE-2022-29987
CVE-2022-29987
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=.
Source: CVE-2022-29987
CVE-2022-29988
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via scbsclassesMaster.php?f=delete.
Source: CVE-2022-29988
CVE-2022-29985
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via scbsclassesMaster.php?f=delete_category.
Source: CVE-2022-29985
CVE-2022-29986
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via scbsclassesMaster.php?f=delete_facility.
Source: CVE-2022-29986
CVE-2022-29983
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=.
Source: CVE-2022-29983
CVE-2022-29984
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=.
Source: CVE-2022-29984
CVE-2022-29747
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place —> id.
Source: CVE-2022-29747
CVE-2022-29538
RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources.
Source: CVE-2022-29538
CVE-2022-29539
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;r commands) and inject arbitrary system commands with the privileges of the application user.
Source: CVE-2022-29539
CVE-2022-29748
Simple Client Management System 1.0 is vulnerable to SQL Injection via cmsadmin?page=client/manage_client&id=.
Source: CVE-2022-29748