CVE-2022-46623
https://notcve.org/view.php?id=CVE-2022-46623
Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter. Se descubrió que Judging Management System v1.0.0 contenía una vulnerabilidad de inyección SQL a través del parámetro de nombre de usuario. • https://github.com/sudoninja-noob/CVE-2022-46623 https://github.com/sudoninja-noob/CVE-2022-46623/blob/main/CVE-2022-46623 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-46622
https://notcve.org/view.php?id=CVE-2022-46622
A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. Una vulnerabilidad de cross-site scripting (XSS) en Judging Management System v1.0 permite a los atacantes ejecutar scripts web o HTML de su elección a través de un payload manipulado inyectado en el parámetro de nombre. • https://github.com/sudoninja-noob/CVE-2022-46622 https://github.com/sudoninja-noob/CVE-2022-46622/blob/main/CVE-2022-46622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •