High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| badminton_center_management_system_project — badminton_center_management_system | Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | 2022-05-24 | 7.5 | CVE-2022-30455 MISC |
| battleye — battleye | BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-05-20 | 7.2 | CVE-2022-27095 MISC |
| chatbot_application_with_a_suggestion_feature_project — chatbot_application_with_a_suggestion_feature | ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. | 2022-05-20 | 7.5 | CVE-2022-30518 MISC MISC |
| chshcms — cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | 2022-05-26 | 7.5 | CVE-2022-29660 MISC |
| covid-19_directory_on_vaccination_system_project — covid-19_directory_on_vaccination_system | Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. | 2022-05-20 | 7.5 | CVE-2022-28531 MISC MISC |
| covid_19_travel_pass_management_system_project — covid_19_travel_pass_management_system | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status. | 2022-05-24 | 7.5 | CVE-2022-30838 MISC |
| merchandise_online_store_project — merchandise_online_store | Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | 2022-05-24 | 7.5 | CVE-2022-30454 MISC |
| minitool — partition_wizard | MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-05-20 | 7.2 | CVE-2022-29320 MISC |
| multi-vendor_online_groceries_management_system_project — multi-vendor_online_groceries_management_system | Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. | 2022-05-20 | 7.5 | CVE-2022-26632 MISC |
| nirweb — nirweb_support | The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection. | 2022-05-23 | 7.5 | CVE-2022-0781 MISC |
| online_sports_complex_booking_system_project — online_sports_complex_booking_system | Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. | 2022-05-20 | 7.5 | CVE-2022-28106 MISC |
| online_sports_complex_booking_system_project — online_sports_complex_booking_system | Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. | 2022-05-20 | 7.5 | CVE-2022-28105 MISC |
| pharmacy_management_system_project — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | 2022-05-20 | 7.5 | CVE-2022-30887 MISC |
| privateinternetaccess — private_internet_access | Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-05-20 | 7.2 | CVE-2022-27092 MISC |
| rengine_project — rengine | Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. | 2022-05-20 | 7.5 | CVE-2022-28995 MISC |

rengine_project — rengine
OS Command Injection in GitHub repository yogeshojha/re