CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25016
https://notcve.org/view.php?id=CVE-2022-25016
02 Mar 2022 — Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Se ha detectado que Home Owners Collection Management System versión v1.0, contiene una vulnerabilidad de carga de archivos arbitraria por medio del componente /student_attendance/index.php. Esta vulnerabilidad permite a atacantes ejecutar código arbitrario por medi... • https://github.com/lohyt/web-shell-via-file-upload-in-hocms • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25028
https://notcve.org/view.php?id=CVE-2022-25028
28 Feb 2022 — Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. Se ha detectado que Home Owners Collection Management System versión v1.0, contenía una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro collected_by en el módulo Lista de Colecciones. • https://raw.githubusercontent.com/fuzzyap1/Vendors-System-Vulnerabilities/main/Home%20Owners%20Collection%20Management%20System/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-25096
https://notcve.org/view.php?id=CVE-2022-25096
25 Feb 2022 — Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. Se ha detectado que Home Owners Collection Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /members/view_member.php. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Home-Owners-Collection-Management • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2022-25095
https://notcve.org/view.php?id=CVE-2022-25095
25 Feb 2022 — Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. Home Owners Collection Management System versión v1.0, permite a atacantes no autenticados comprometer las cuentas de los usuarios por medio de una petición POST diseñada. • https://www.exploit-db.com/exploits/50730 •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2022-25094
https://notcve.org/view.php?id=CVE-2022-25094
25 Feb 2022 — Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. Se ha detectado que Home Owners Collection Management System versión v1.0, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del parámetro "cover" en el archivo SystemSettings.php. • https://www.exploit-db.com/exploits/50731 •