11 matches found
CVE-2023-26856
The CVE-2023-26856 entry concerns Dynamic Transaction Queuing System v1.0, which contains a SQL injection in the login flow. Specifically, the vulnerability is exposed via the name parameter at /admin/ajax.php?action=login, enabling untrusted input to alter queries. The vulnerability is rooted in...
CVE-2022-45275
CVE-2022-45275 affects Dynamic Transaction Queuing System (DTQS) v1.0. The issue is an arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings that enables an attacker to execute arbitrary PHP code via a crafted file. Root cause appears to be improper handling/validati...
CVE-2022-46956
This CVE (CVE-2022-46956) affects Dynamic Transaction Queuing System v1.0. The issue is a SQL injection in the id parameter of /admin/manage_user.php, caused by improper handling of user-supplied input in that endpoint. The CVSS 3.1 vector indicates Network attack vector, low complexity, high pri...
CVE-2022-47790
Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=. The root cause is an injection flaw in the id parameter of that endpoint. Impact per CVSS indicates high confidentiality, integrity, and availability with a total score o...
CVE-2022-46952
Dynamic Transaction Queuing System v1.0 is affected by a SQL injection vulnerability in the id parameter of /admin/ajax.php?action=delete_user. The CVE-2022-46952 entry documents an in-app SQLi risk with high impact (C/H I/H A/H) and network-based access with no user interaction required; privile...
CVE-2022-46953
Dynamic Transaction Queuing System v1.0 contains a SQL injection vulnerability in /admin/ajax.php?action=save_window via the id parameter. The CVE entry lists a base score of 7.2 (HIGH) with network attack vector, low complexity, and no user interaction. Public connected sources corroborate the v...
CVE-2022-46954
Dynamic Transaction Queuing System v1.0 is affected by a SQL injection vulnerability in the /admin/ajax.php?action=delete_transaction endpoint via the id parameter. It is reported as a high-severity issue with CVSS 3.1 (CRITICAL) across NVD/CVE data, indicating an attacker could potentially read/...
CVE-2022-46951
Dynamic Transaction Queuing System v1.0 is affected by a SQL injection vulnerability in the id parameter of /admin/ajax.php?action=delete_uploads. The CVE entry (CVE-2022-46951) notes a high-severity impact (CVSS 7.2, HIGH) with network attack vector, low attack complexity, no user interaction, a...
CVE-2022-46950
CVE-2022-46950 affects Dynamic Transaction Queuing System v1.0. The issue is a SQL injection in the id parameter of /admin/ajax.php?action=delete_window (PHP/MySQL stack implied by CNNVD/CNNVD-derived entries). CVSS 3.1 base score 7.2 (HIGH) with impact on confidentiality, integrity, and availabi...
CVE-2022-46955
CVE-2022-46955 affects Dynamic Transaction Queuing System v1.0. The vulnerability is a SQL injection in the id parameter of /admin/ajax.php?action=save_queue, reported across multiple feeds. The CVSSv3.1 base metrics indicate an overall score of 9.8 (CRITICAL) with Network attack vector, no authe...
CVE-2023-26857
CVE-2023-26857 affects Dynamic Transaction Queuing System v1.0, with an arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads that enables remote code execution via a crafted PHP file. The CVSS v3.1 vector indicates NETWORK attack, LOW complexity, PRIVILEGES REQUIRED: HIGH, n...