31 matches found
Online Banking System SQL Injection Vulnerability (CNVD-2022-68373)
Online Banking System is an online banking system developed using PHP and MySQL. v1.0 of Online Banking System contains a security vulnerability that originates in the searchterm parameter in the /net-banking/transactions.php location. injection issue in the searchterm parameter at...
CVE-2022-40119
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/transactions.php...
CVE-2022-40118
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/sendfundsaction.php...
CVE-2022-40121
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/managecustomers.php...
CVE-2022-40122
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/editcustomeraction.php...
CVE-2022-40114
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/editcustomer.php...
CVE-2022-40113
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/sendfunds.php...
CVE-2022-40116
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php...
CVE-2022-40120
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/customertransactions.php...
Sql injection
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/sendfundsaction.php...
Sql injection
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/deletebeneficiary.php...
CVE-2022-40120
CVE-2022-40120 affects Online Banking System v1.0. The vulnerability is a SQL injection in the search_term parameter of /net-banking/customer_transactions.php. Root cause: unsanitized input used in SQL queries. Impact (per CVSS v3.1): Confidentiality HIGH, Integrity HIGH, Availability HIGH (score...
CVE-2022-40118
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/sendfundsaction.php...
CVE-2022-40119
Online Banking System v1.0 contains an SQL injection vulnerability in the search_term parameter of /net-banking/transactions.php. The underlying issue is unsanitized user input leading to potential disclosure/integrity/availability impact (CVSS v3.1 base score 9.8, CRITICAL). Exploitation details...
CVE-2022-40117
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/deletecustomer.php...
CVE-2022-40116
CVE-2022-40116 affects Online Banking System v1.0. The vulnerability is a SQL injection in the search parameter of /net-banking/beneficiary.php, arising from improper input handling. CVSSv3.1 indicates NETWORK attack vector, no authentication, with 0 user interaction and high impacts to confident...
CVE-2022-40117
CVE-2022-40117 affects Online Banking System v1.0, with a SQL injection in the cust_id parameter of /net-banking/delete_customer.php. Root cause: unsafe SQL handling in PHP/MySQL leads to potential unauthorized data access/modification. Impact per metrics: base CVSS 3.1 score 9.8 (CRITICAL); atta...
CVE-2022-40115
CVE-2022-40115 affects Online Banking System v1.0, with a SQL injection vulnerability in /net-banking/delete_beneficiary.php via the cust_id parameter. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8; CRITICAL). Exploitation requires network access, no user interaction...
CVE-2022-40114
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/editcustomer.php...
CVE-2022-40114
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/editcustomer.php...