3 matches found
CVE-2023-30016
The CVE-2023-30016 entry concerns Oretnom23 Judging Management System v1.0 with a SQL Injection in the sub_event_details_edit.php endpoint (via the sub_event_id parameter) that could allow remote attackers to execute arbitrary code and access sensitive data. Multiple sources corroborate the same ...
CVE-2023-30015
The CVE-2023-30015 entry describes a SQL Injection in oretnom23 Judging Management System v1.0, enabling remote attackers to execute arbitrary code and access sensitive data via the txtsearch parameter in review_search.php. Affected component: review_search.php; vulnerability type: SQL injection;...
CVE-2023-30014
CVE-2023-30014 affects oretnom23 Judging Management System v1.0. A SQL injection in sub_event_stat_update.php via the sub_event_id parameter allows remote attackers to potentially access arbitrary data and escalate to arbitrary code execution (per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). T...