CVE-2022-40928
CVE-2022-40928 affects Online Leave Management System v1.0 and is due to a SQL Injection in the endpoint "/leave_system/classes/Master.php?f=delete_application". The root cause is lack of validation/externalization of SQL statements in that API path, enabling an attacker to manipulate the databas...