
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to SQL injection. It is possible to launch the attack remotely.
• https://github.com/fubxx/CVE/blob/main/PrisonManagementSystemSQL2.md
• https://vuldb.com/?ctiid.259692
• https://vuldb.com/?id.259692
• https://vuldb.com/?submit.312204
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/fubxx/CVE/blob/main/PrisonManagementSystemSQL1.md
• https://vuldb.com/?ctiid.259691
• https://vuldb.com/?id.259691
• https://vuldb.com/?submit.312203
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely.
• https://github.com/fubxx/CVE/blob/main/PrisonManagementSystemRCE2.md
• https://vuldb.com/?ctiid.259631
• https://vuldb.com/?id.259631
• https://vuldb.com/?submit.311920
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely.
• https://github.com/fubxx/CVE/blob/main/PrisonManagementSystemRCE.md
• https://vuldb.com/?ctiid.259630
• https://vuldb.com/?id.259630
• https://vuldb.com/?submit.311919
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4.
• https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md
• https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')