CVE-2022-31970
CVE-2022-31970 describes a SQL injection vulnerability in ChatBot App with Suggestion v1.0. The issue affects the admin interface at /simple_chat_bot/admin/?page=responses/manage_response&id= where external input is not validated, allowing an attacker to inject SQL statements. Public sources (NVD...
CVE-2022-31969
CVE-2022-31969 affects the ChatBot App with Suggestion v1.0, where the vulnerability is a SQL Injection in the admin page parameter: /simple_chat_bot/admin/?page=user/manage_user&id=. The root cause is lack of input validation/parameterization on the id parameter, enabling arbitrary SQL execution...
CVE-2022-31971
CVE-2022-31971 affects ChatBot App with Suggestion v1.0. The vulnerability is a SQL Injection in the admin view, exposed via the URL parameter /simple_chat_bot/admin/?page=responses/view_response&id=, where user-controlled input can influence SQL queries. Root cause described across connected sou...
CVE-2022-31966
ChatBot App with Suggestion v1.0 is affected by CVE-2022-31966. Affected component: /simple_chat_bot/classes/Master.php. Root cause: lack of filename validation in the delete_img function, enabling arbitrary file deletion through the parameter f=delete_img. Impact: arbitrary deletion of files as ...
CVE-2022-30459
CVE-2022-30459 affects the ChatBot App with Suggestion in PHP/OOP v1.0. The vulnerability is a SQL injection in the Master.php endpoint when the parameter f is set to delete_response and id is supplied, due to insufficient input validation. This can allow manipulation of the underlying database, ...
CVE-2022-30464
CVE-2022-30464 concerns a Cross Site Scripting (XSS) vulnerability in the ChatBot App with Suggestion in PHP/OOP v1.0. The issue is triggered via the endpoint /simple_chat_bot/classes/Master.php?f=save_response, where user-supplied input appears to be processed without proper sanitization, enabli...