
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Nov 2022 — Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. • https://github.com/upasvi/CVE-/issues/1 • CWE-798: Use of Hard-coded Credentials

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Nov 2022 — Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php. • https://github.com/li-baige/bug_report/blob/main/vendors/oretnom23/Simple%20Inventory%20Management%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Nov 2022 — A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. • https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-45214.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Nov 2022 — Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. • https://github.com/Onetpaer/bug_report/blob/main/vendors/oretnom23/sanitization-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Nov 2022 — A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://github.com/Urban4/CVE-2022-3992 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-707: Improper Neutralization

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Nov 2022 — Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. • https://github.com/Hujozay/bug_report/blob/main/vendors/oretnom23/sanitization-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Nov 2022 — Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. • https://github.com/Hujozay/bug_report/blob/main/vendors/oretnom23/sanitization-management-system/delete-file-1.md

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Nov 2022 — Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. • https://github.com/Hujozay/bug_report/blob/main/vendors/oretnom23/sanitization-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Nov 2022 — A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. • https://github.com/x9AD8/Sanitization-Management-System/blob/main/README.md • CWE-707: Improper Neutralization

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Nov 2022 — Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. • https://github.com/daytime888/bug_report/blob/main/vendors/oretnom23/sanitization-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')