CVE-2022-27992 – PHPGurukul Zoo Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2022-27992
Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. PHPGurukul Zoo Management System version 1.0 suffers from a remote SQL injection vulnerability.
• http://packetstormsecurity.com/files/166648/PHPGurukul-Zoo-Management-System-1.0-SQL-Injection.html
• https://github.com/D4rkP0w4r/CVEs/blob/main/Zoo%20Management%20System%20SQLI/POC.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27351 – PHPGurukul Zoo Management System 1.0 Shell Upload
https://notcve.org/view.php?id=CVE-2022-27351
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. PHPGurukul Zoo Management System version 1.0 suffers from a remote shell upload vulnerability.
• http://packetstormsecurity.com/files/166651/PHPGurukul-Zoo-Management-System-1.0-Shell-Upload.html
• https://drive.google.com/file/d/14WEhaUdOaKdwM8Mlztuko4nnQsmoe89O/view?usp=sharing
• https://github.com/D4rkP0w4r/CVEs/blob/main/Zoo%20Management%20System%20Upload%20%2B%20RCE/POC.md
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-46110
https://notcve.org/view.php?id=CVE-2021-46110
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.
• https://giant-falcon-36d.notion.site/Online-Shopping-Portal-2924d0ad55e94c4cb2359b0d098c4db6
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-24226
https://notcve.org/view.php?id=CVE-2022-24226
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
• https://github.com/Nguyen-Trung-Kien/CVE
• https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24226/CVE-2022-24226.pdf
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-36062
https://notcve.org/view.php?id=CVE-2020-36062
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.
• https://github.com/VivekPanday12/CVE-/issues/3
• https://phpgurukul.com
• https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql
• CWE-798: Use of Hard-coded Credentials