CVE-2022-28992
https://notcve.org/view.php?id=CVE-2022-28992
A Cross-Site Request Forgery (CSRF) vulnerability in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. • https://packetstormsecurity.com/files/166587/Online-Banquet-Booking-System-1.0-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-29009
https://notcve.org/view.php?id=CVE-2022-29009
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication. • https://github.com/sudoninja-noob/CVE-2022-29009 https://github.com/sudoninja-noob/CVE-2022-29009/blob/main/CVE-2022-29009.txt https://www.exploit-db.com/exploits/50355 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-29008
https://notcve.org/view.php?id=CVE-2022-29008
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. • https://github.com/sudoninja-noob/CVE-2022-29008 https://github.com/sudoninja-noob/CVE-2022-29008/blob/main/CVE-2022-29008.txt https://www.exploit-db.com/exploits/50263 • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2022-29007
https://notcve.org/view.php?id=CVE-2022-29007
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication. • https://github.com/sudoninja-noob/CVE-2022-29007 https://github.com/sudoninja-noob/CVE-2022-29007/blob/main/CVE-2022-29007.txt https://www.exploit-db.com/exploits/50365 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-29006
https://notcve.org/view.php?id=CVE-2022-29006
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication. • https://github.com/sudoninja-noob/CVE-2022-29006 https://github.com/sudoninja-noob/CVE-2022-29006/blob/main/CVE-2022-29006.txt https://www.exploit-db.com/exploits/50370 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')