CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1556 – SourceCodester Judging Management System summary_results.php sql injection
https://notcve.org/view.php?id=CVE-2023-1556
22 Mar 2023 — A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file summary_results.php. The manipulation of the argument main_event_id leads to sql injection. The attack can be launched remotely. • https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24641
https://notcve.org/view.php?id=CVE-2023-24641
03 Mar 2023 — Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. • https://github.com/594238758/mycve/blob/main/judging-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24642
https://notcve.org/view.php?id=CVE-2023-24642
03 Mar 2023 — Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. • https://github.com/594238758/mycve/blob/main/judging-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24643
https://notcve.org/view.php?id=CVE-2023-24643
03 Mar 2023 — Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. • https://github.com/594238758/mycve/blob/main/judging-management-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 3%CPEs: 1EXPL: 1CVE-2023-24317
https://notcve.org/view.php?id=CVE-2023-24317
23 Feb 2023 — Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. • https://github.com/angelopioamirante/CVE-2023-24317 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46622
https://notcve.org/view.php?id=CVE-2022-46622
12 Jan 2023 — A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. Una vulnerabilidad de cross-site scripting (XSS) en Judging Management System v1.0 permite a los atacantes ejecutar scripts web o HTML de su elección a través de un payload manipulado inyectado en el parámetro de nombre. • https://github.com/sudoninja-noob/CVE-2022-46622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-46623
https://notcve.org/view.php?id=CVE-2022-46623
12 Jan 2023 — Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter. Se descubrió que Judging Management System v1.0.0 contenía una vulnerabilidad de inyección SQL a través del parámetro de nombre de usuario. • https://github.com/sudoninja-noob/CVE-2022-46623 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •