21 matches found
CVE-2022-29683
CVE-2022-29683 affects CSCMS Music Portal System v4.2, with a blind SQL injection vulnerability exposed through the id parameter at /admin.php/Label/page_del. The root cause, as described in multiple records, is missing validation of external input in the SQL statement used by that endpoint. CVSS...
CVE-2022-29663
CSCMS Music Portal System v4.2 contains a SQL injection vulnerability in the id parameter of /admin.php/pic/admin/type/hy. The issue arises from lack of input validation, enabling attackers to inject SQL statements to access or exfiltrate database data. Affected product is CSCMS Music Portal Syst...
CVE-2022-29667
CVE-2022-29667 affects CSCMS Music Portal System v4.2 and involves a SQL injection vulnerability in the path /admin.php/pic/admin/pic/hy, exploitable by restoring deleted photos. Root cause: lack of input validation on the id parameter leading to SQL command execution. Impact is reported as data ...
CVE-2022-29684
CVE-2022-29684 affects CSCMS Music Portal System v4.2. A blind SQL injection is reachable via the id parameter in /admin.php/Label/js_del (missing input validation). Documented impact is partial/high depending on metric, but no explicit exploit details or patches are provided in the supplied sour...
CVE-2022-29687
CVE-2022-29687 affects CSCMS Music Portal System v4.2. A blind SQL injection exists in the id parameter of /admin.php/user/level_del, enabling potential unauthorized SQL execution. Per the CVE, impact includes partial confidentiality, integrity, and availability (CVSS 3.1: HIGH impact). No explic...
CVE-2022-29665
Summary of vulnerability (CVE-2022-29665): CSCMS Music Portal System v4.2 contains a SQL injection flaw via the id parameter in the endpoint /admin.php/news/admin/topic/save. The issue is triggered by unsafely constructed external input, enabling an attacker to potentially manipulate database que...
CVE-2022-29670
CVE-2022-29670 affects CSCMS Music Portal System v4.2. A SQL injection is exposed via the id parameter on /admin.php/pic/admin/type/del, potentially exposing or altering database data. Several connected sources corroborate the vulnerability; exploitation details or a patch are not provided in the...
CVE-2022-29661
CVE-2022-29661 affects CSCMS Music Portal System v4.2. It has a blind SQL injection in the id parameter of /admin.php/pic/admin/type/save due to lack of input validation, enabling an attacker to execute SQL statements and potentially exfiltrate data. Root cause: unsanitized id parameter. Impact a...
CVE-2022-29688
CVE-2022-29688 affects CSCMS Music Portal System v4.2. A blind SQL injection is exposed via the id parameter in /admin.php/singer/admin/singer/hy, due to insufficient input validation. The issue is confirmed across multiple sources in the Connected documents (NVD entry and Red Hat CNVD/CVE relati...
CVE-2022-29676
CVE-2022-29676 affects CSCMS Music Portal System v4.2, with a SQL injection vulnerability via the id parameter in /admin.php/pic/admin/lists/zhuan. Root cause: improper handling/unsafely constructed SQL from the id input, allowing attackers to execute SQL commands. Documents consistently describe...
CVE-2022-29669
CVE-2022-29669 affects CSCMS Music Portal System v4.2, with a SQL injection vulnerability in /admin.php/news/admin/lists/zhuan exploitable via the id parameter. The root cause is improper validation/handling of external input which allows arbitrary SQL execution, leading to potential unauthorized...
CVE-2022-29682
CVE-2022-29682 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection reachable via the id parameter in the administrative endpoint: /admin.php/vod/admin/topic/del. Public advisories describe the issue as an SQL injection that allows potentially unauthorized SQL statem...
CVE-2022-29686
CVE-2022-29686 affects CSCMS Music Portal System v4.2 and is due to a blind SQL injection in the id parameter of the endpoint /admin.php/singer/admin/lists/zhuan. The connected sources consistently describe a SQLi vulnerability that can expose or alter data in the backend; no exploitation details...
CVE-2022-29680
CVE-2022-29680 affects CSCMS Music Portal System v4.2. A blind SQL injection exists in the id parameter of /admin.php/user/zu_del due to lack of input validation, enabling potential unauthorized access to database data. CVSS metrics present: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD 3.1) and CVSS2...
CVE-2022-29681
The CVE-2022-29681 entry concerns CSCMS Music Portal System v4.2, which is reported to have a blind SQL injection vulnerability in the id parameter of /admin.php/Links/del. The connected sources (CNVD, Red Hat, CVE listings, and related notices) describe the issue as a lack of input validation th...
CVE-2022-29685
CVE-2022-29685 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection in the id parameter of /admin.php/User/level_sort, caused by lack of input validation. This can lead to unauthorized SQL execution and exposure of database data (confidentiality, integrity, and avail...
CVE-2022-29666
CVE-2022-29666 affects CSCMS Music Portal System v4.2. A SQL injection vulnerability exists in the id parameter of /admin.php/pic/admin/lists/zhuan, caused by inadequate input validation. The CNVD/Red Hat/NVD records describe an ability to execute arbitrary SQL to exfiltrate data. There is no pat...
CVE-2022-29662
The CVE-2022-29662 issue affects CSCMS Music Portal System v4.2, where a SQL injection vulnerability exists via the id parameter in /admin.php/news/admin/news/save. The root cause is lack of validation for external input SQL statements, enabling an attacker to potentially execute arbitrary SQL an...
CVE-2022-29660
CVE-2022-29660 affects CSCMS Music Portal System v4.2. A SQL injection vulnerability exists in the id parameter of /admin.php/pic/admin/pic/del. Root cause: missing input validation for external SQL statements. Impact: allows unauthorized data access/ tampering with the database (as reflected by ...
CVE-2022-29664
CVE-2022-29664 affects CSCMS Music Portal System v4.2. A SQL injection vulnerability exists via the id parameter in /admin.php/pic/admin/type/pl_save caused by lack of input validation. Impact described in CNVD/RH notes: an attacker can execute arbitrary SQL to steal sensitive data. CVSSv3.1 base...
CVE-2022-29689
CVE-2022-29689 impacts CSCMS Music Portal System v4.2, with a blind SQL injection in the id parameter at /admin.php/singer/admin/singer/del. Public sources (CNVD/CNNVD) attribute the vulnerability to a lack of input validation on the id parameter, enabling construction of externally entered SQL s...