CVE-2022-2020 – SourceCodester Prison Management System System Name cross-site scripting
https://notcve.org/view.php?id=CVE-2022-2020
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross-site scripting. The attack may be launched remotely.
• https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md
• https://vuldb.com/?id.201368
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2019 – SourceCodester Prison Management System New User Creation improper authorization
https://notcve.org/view.php?id=CVE-2022-2019
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely.
• https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md
• https://vuldb.com/?id.201367
• CWE-285: Improper Authorization
CVE-2022-2018 – SourceCodester Prison Management System Inmate SQL injection
https://notcve.org/view.php?id=CVE-2022-2018
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to SQL injection. It is possible to launch the attack remotely.
• https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%29.md
• https://vuldb.com/?id.201366
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2017 – SourceCodester Prison Management System Visit view_visit.php SQL injection
https://notcve.org/view.php?id=CVE-2022-2017
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to SQL injection. The attack may be initiated remotely.
• https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%292.md
• https://vuldb.com/?id.201365
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')