CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3973 – Pingkon HMS-PHP Data Pump Metadata admin.php sql injection
https://notcve.org/view.php?id=CVE-2022-3973
13 Nov 2022 — A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Pingkon/HMS-PHP/issues/1 • CWE-707: Improper Neutralization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3972 – Pingkon HMS-PHP adminlogin.php sql injection
https://notcve.org/view.php?id=CVE-2022-3972
13 Nov 2022 — A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. • https://github.com/Pingkon/HMS-PHP/issues/1 • CWE-707: Improper Neutralization •