CVE-2022-41515
Open Source SACCO Management System v1.0 contains a SQL injection in the endpoint /sacco_shield/ajax.php?action=delete_payment via the id parameter. The affected component is the delete_payment path under sacco_shield; root cause is unsafely interpolated id input. CVSSv3.1 metrics indicate HIGH i...