Lucene search

Home Owners Collection Management System Project Security Vulnerabilities

cve

CVE-2022-25016

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

9.8CVSS

9.6AI Score

0.003EPSS

2022-03-02 05:15 PM

cve

CVE-2022-25028

Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module.

6.1CVSS

6AI Score

0.001EPSS

2022-02-28 11:15 PM

cve

CVE-2022-25045

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

9.8CVSS

9.7AI Score

0.002EPSS

2022-03-02 09:15 PM

cve

CVE-2022-25094

Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.

8.8CVSS

9AI Score

0.027EPSS

2022-02-26 12:15 AM

cve

CVE-2022-25095

Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.

9.8CVSS

9.2AI Score

0.011EPSS

2022-02-26 12:15 AM

cve

CVE-2022-25096

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.

9.8CVSS

9.7AI Score

0.008EPSS

2022-02-26 12:15 AM

cve

CVE-2022-25115

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file.

7.8CVSS

8AI Score

0.002EPSS

2022-03-02 11:15 PM

cve

CVE-2022-28077

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.

6.1CVSS

6AI Score

0.001EPSS

2022-05-11 02:15 PM

cve

CVE-2022-28078

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.

6.1CVSS

6AI Score

0.001EPSS

2022-05-11 02:15 PM

cve

CVE-2022-28414

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member.

9.8CVSS

9.7AI Score

0.002EPSS

2022-04-21 08:15 PM

cve

CVE-2022-28415

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection.

9.8CVSS

9.7AI Score

0.002EPSS

2022-04-21 08:15 PM

cve

CVE-2022-28416

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.

9.8CVSS

9.7AI Score

0.002EPSS

2022-04-21 08:15 PM

cve

CVE-2022-28417

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.

9.8CVSS

9.8AI Score

0.002EPSS

2022-04-21 08:15 PM