4 matches found
CVE-2022-43213
CVE-2022-43213 affects Billing System Project v1.0, where a SQL injection vulnerability exists in the id parameter of editorder.php. The issue is caused by improper input handling, enabling an attacker to manipulate SQL queries. The NVD/NVD-derived metrics rate impact as critical (C:H, I:H, A:H) ...
CVE-2022-41437
CVE-2022-41437 affects Billing System Project v1.0. A remote code execution (RCE) vulnerability is exposed through the /php_action/createProduct.php component. The NVD entry cites a network attack vector with low attack complexity and no user interaction, requiring high privileges, and results in...
CVE-2022-41439
CVE-2022-41439 affects Billing System Project v1.0. A SQL injection vulnerability exists in the id parameter of /phpinventory/edituser.php, exposing confidentiality, integrity, and availability (high impact). Root cause: improper handling of user-supplied id leading to SQLi. Exploitation: a PoC i...
CVE-2022-41440
CVE-2022-41440 affects Billing System Project v1.0, with a SQL injection vulnerability exploitable via the id parameter in /phpinventory/editcategory.php. Multiple connected sources confirm the issue as a SQL injection in that endpoint, but no concrete patch/version update is detailed in the prov...