CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details.
• https://github.com/HKD01l/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 2

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability.
• http://packetstormsecurity.com/files/169605/Simple-Cold-Storage-Management-System-1.0-SQL-Injection.html
• https://github.com/HKD01l/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-2.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=.
• https://github.com/Tr0ee/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CSMS-1.0
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')