17 matches found
CVE-2023-1556
SourceCodester Judging Management System 1.0 has a SQL injection vulnerability in summary_results.php triggered by manipulating the main_event_id parameter. Exploitation is possible remotely, and public disclosures exist for CVE-2023-1556 (VDB-223549). Affected function appears to be an unknown a...
CVE-2023-24643
CVE-2023-24643 affects Judging Management System v1.0. The vulnerability is a SQL injection in the sid parameter of /php-jms/updateBlankTxtview.php. CVSS 3.1 base score 9.8 (CRITICAL) with NETWORK attack vector, no privileges, no user interaction required. Impact: high confidentiality, integrity,...
CVE-2023-5589
The CVE-2023-5589 entry concerns SourceCodester Judging Management System 1.0. The vulnerability affects the login.php file, where the password parameter can be manipulated to trigger SQL injection. Exploitation is described as remote, with public disclosures of the exploit. Impact is high/critic...
CVE-2023-30245
CVE-2023-30245 affects Judging Management System v1.0. The vulnerability is a SQL injection in the crit_id parameter of edit_criteria.php due to insufficient input validation, enabling remote execution of arbitrary code. The issue is documented across multiple sources (CNVD, Red Hat, NVD, CNNVD, ...
CVE-2023-2108
CVE-2023-2108 affects SourceCodester Judging Management System 1.0, with a vulnerability in the edit_contestant.php function where manipulating contestant_id enables SQL injection. The issue is exploitable remotely and has been disclosed publicly. Affected file is either edit_contestant.php or re...
CVE-2023-24642
Judging Management System v1.0 is affected by a SQL injection in the sid parameter of /php-jms/updateTxtview.php (CVE-2023-24642). The vulnerability is confirmed in multiple sources in the Connected documents; CVSS v3.1 indicates a CRITICAL severity (9.8) with network access, no authentication, a...
CVE-2023-24317
Judging Management System 1.0 contains an arbitrary file upload vulnerability in the edit_organizer.php component. CVSSv3.1: 8.1 (HIGH) with Network attack vector, Low complexity, Privileges Required: LOW, User Interaction: NONE, Scope: UNCHANGED; Confidentiality and Integrity impacts HIGH, Avail...
CVE-2022-46622
CVE-2022-46622 is an XSS vulnerability in the Judging Management System v1.0. A crafted payload injected into the firstname parameter can cause execution of arbitrary web scripts/HTML. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N with a base score of 6.1 (Medium) ; impact is noted ...
CVE-2022-46623
CVE-2022-46623 affects Judging Management System v1.0.0, with a SQL injection vulnerability exploitable via the username parameter. The available documents consistently describe the issue as a SQL injection in the username field, but do not provide concrete details on exploited versions beyond 1....
CVE-2023-30077
Judging Management System v1.0 (oretnom23) is vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. CVSS v3.1 base score 9.8 (CRITICAL) with network access, no user interaction required. The issue affects the endpoint handling the mainevent_id parameter and is de...
CVE-2023-24641
CVE-2023-24641 pertains to Judging Management System v1.0, where a SQL injection vulnerability exists in the updateview.php endpoint via the sid parameter. Concrete details across connected sources confirm a high-severity issue (CVSS v3.1: 9.8, CRITICAL) with network access, no user interaction, ...
CVE-2023-30203
CVE-2023-30203 affects Judging Management System v1.0, where a SQL injection exists via the event_id parameter in /php-jms/result_sheet.php. The vulnerability arises from unsafeguarded input handling in that endpoint, enabling an attacker to manipulate SQL queries. Documentation consistently desc...
CVE-2023-30018
CVE-2023-30018 affects Judging Management System v1.0. The connected records confirm a SQL Injection vulnerability in the application, exploitable via the parameter mainevent_id in /php-jms/review_se_result.php. The CVSSv3.1 metrics indicate a critical impact (base score 9.8; confidentiality, int...
CVE-2023-30204
Judging Management System v1.0 is affected by a SQL injection vulnerability in the judge_id parameter of /php-jms/edit_judge.php. The issue is confirmed across multiple feeds linked to CVE-2023-30204, with CVSS v3.1 scores of 9.8 (CRITICAL, NETWORK external access, no user interaction required). ...
CVE-2023-30246
CVE-2023-30246 affects Judging Management System v1.0. The issue is a SQL injection via the contestant_id parameter, enabling a remote attacker to execute arbitrary code. The CVSS v3.1 vector from sources indicates a CRITICAL base score (9.8) with NETWORK attack vector, LOW attack complexity, and...
CVE-2023-30076
CVE-2023-30076 affects Sourcecodester Judging Management System v1.0. It is a SQL Injection vulnerability in print_judges.php (endpoint /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=). Underlying issue is unsafely constructed SQL in the affected script. Impact is rated high ac...
CVE-2023-37682
Judging Management System v1.0 contains an SQL injection in /php-jms/deductScores.php triggered by the id parameter due to insufficient input validation. Public sources (CNVD, Red Hat, NVD and others) describe that this allows arbitrary SQL execution and potential access to sensitive database dat...