CVE-2022-40049

2023-01-0600:00:00

mitre

www.cve.org

sql injection

theme park ticketing system

remote attackers

sensitive information

manage user page

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page.

References

github.com/Manba6/Bug_report/blob/main/vendors/oretnom23/theme-park-ticketing-system/SQLi-1.md