CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-31897 – Zoo Management System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-31897
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. SourceCodester Zoo Management System versión 1.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio de public_html/register_visitor?msg= Zoo Management System version 1.0 suffers from a cross site scripting vulnerability. • https://github.com/angelopioamirante/CVE-2022-31897 http://sourcecodester.com https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31382
https://notcve.org/view.php?id=CVE-2022-31382
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. Se ha detectado que Directory Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro searchdata en el archivo search-dirctory.php • http://directory.com http://phpgurukul.com https://github.com/laotun-s/POC/blob/main/CVE-2022-31382.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31383
https://notcve.org/view.php?id=CVE-2022-31383
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. Se ha detectado que Directory Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro editid en el archivo view-directory.php • http://directory.com http://phpgurukul.com https://github.com/laotun-s/POC/blob/main/CVE-2022-31383.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31384
https://notcve.org/view.php?id=CVE-2022-31384
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. Se ha detectado que Directory Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro fullname en el archivo add-directory.php • http://directory.com http://phpgurukul.com https://github.com/laotun-s/POC/blob/main/CVE-2022-31384.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31914
https://notcve.org/view.php?id=CVE-2022-31914
Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. Zoo Management System versión v1.0 es vulnerable a Cross Site Scripting (XSS) a través de zms/admin/public_html/save_animal?an_id=24 • https://github.com/mikeccltt/0525/blob/main/zoo-management-system/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •