CWE-89

CVE-2022-32403

February 23, 2023 by godfreyd94

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/manage_record.php:4

CVE-2022-32404

February 23, 2023 by godfreyd94

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/manage_inmate.php:3

CVE-2022-32405

February 23, 2023 by godfreyd94

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/prisons/view_prison.php:4

The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

CVE-2022-32415

February 23, 2023 by godfreyd94

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=.

CVE-2022-32416

February 23, 2023 by godfreyd94

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.