4 matches found
CVE-2022-28080
Product: Royal Event Management System v1.0 (SourceCodester PHP project). Vulnerability: SQL injection via the todate parameter in /royal_event/btndates_report.php (authenticated context per exploit details). Root cause: Lack of input validation/unsafe SQL construction allowing injection. Impact ...
CVE-2022-1102
SourceCodester Royale Event Management System 1.0 has a cross-site scripting vulnerability in /royal_event/companyprofile.php. The issue arises from manipulation of the parameters companyname, regno, companyaddress, or companyemail, leading to XSS. Exploitation can be remote. Multiple references ...
CVE-2022-1101
CVE-2022-1101 affects SourceCodester Royale Event Management System 1.0. The vulnerability resides in the processing of /royal_event/userregister.php, causing improper authentication that could be exploited remotely. Multiple connected sources confirm the issue exists with attack vector over the ...
CVE-2022-38323
CVE-2022-38323 affects Event Management System v1.0. The vulnerability is an arbitrary file upload in the /Royal_Event/update_image.php component, enabling remote code execution via a crafted PHP file. Several sources (NVD/Red Hat/others) confirm the issue and its high severity (CVSS v3.1: HIGH, ...