CVE-2022-32394
https://notcve.org/view.php?id=CVE-2022-32394
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3 Se ha detectado que Prison Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro "id" en el archivo /pms/admin/inmates/view_inmate.php:3 • https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-32393
https://notcve.org/view.php?id=CVE-2022-32393
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4 Se ha detectado que Prison Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro "id" en el archivo /pms/admin/cells/view_cell.php:4 • https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-32392
https://notcve.org/view.php?id=CVE-2022-32392
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4 Se ha detectado que Prison Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro "id" en el archivo /pms/admin/actions/manage_action.php:4 • https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-32391
https://notcve.org/view.php?id=CVE-2022-32391
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4 Se ha detectado que Prison Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro "id" en el archivo /pms/admin/actions/view_action.php:4 • https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-2020 – SourceCodester Prison Management System System Name cross site scripting
https://notcve.org/view.php?id=CVE-2022-2020
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md https://vuldb.com/?id.201368 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •