20 matches found
CVE-2022-32400
The CVE-2022-32400 issue affects Prison Management System v1.0, where SQL injection is possible via the id parameter in /pms/admin/user/manage_user.php. The root cause, as described in multiple sources, is a lack of input filtering/escaping, allowing an attacker to inject SQL commands to access o...
CVE-2022-32395
CVE-2022-32395 affects Prison Management System v1.0. The vulnerability is a SQL injection in the application layer, exploitable via the id parameter in /pms/admin/crimes/manage_crime.php, caused by lack of input filtering/escaping for the id value (CNVD-2022-48391 reference corroborates this). C...
CVE-2022-32405
CVE-2022-32405 affects Prison Management System v1.0. The vulnerability is a SQL injection in the parameter id of /pms/admin/prisons/view_prison.php:4, caused by lack of SQL data filtering/escaping. Consequences described in connected sources include the potential to access or exfiltrate sensitiv...
CVE-2022-32396
CVE-2022-32396 affects Prison Management System v1.0, with a SQL injection in /pms/admin/visits/manage_visit.php:4 via the id parameter. Root cause: lack of input filtering/escaping enabling arbitrary SQL execution. Documented impact includes data exposure (partial/confidentiality/integity/availa...
CVE-2022-32397
CVE-2022-32397 affects Prison Management System v1.0. A SQL injection vulnerability exists in the parameter 'id' exposed by /pms/admin/visits/view_visit.php (line 4). The issue allows arbitrary SQL commands via unfiltered input, potentially exposing sensitive data. Public references in connected ...
CVE-2022-32392
CVE-2022-32392 affects Prison Management System v1.0. The vulnerability is a SQL injection in the admin action path, exploitable via the id parameter in /pms/admin/actions/manage_action.php (line 4). Public docs consistently describe lack of input filtering on id, enabling potentially unauthorize...
CVE-2022-32394
CVE-2022-32394 affects Prison Management System v1.0. A SQL injection vulnerability exists in the /pms/admin/inmates/view_inmate.php:3 endpoint via the id parameter, caused by insufficient input filtering. This is documented across multiple sources (NVD, Red Hat, CNVD, CNVD variants) and explicit...
CVE-2022-32399
CVE-2022-32399 : The Prison Management System v1.0 is affected by a SQL injection in the /pms/admin/crimes/view_crime.php:4 endpoint, via the vulnerable id parameter. The root cause is unsanitized input in the id field, allowing an attacker to craft SQL payloads. The CVSS information shows a high...
CVE-2022-32393
Prison Management System v1.0 contains a SQL injection vulnerability via the id parameter in /pms/admin/cells/view_cell.php:4. The issue arises from insufficient input handling/filter escaping, enabling attackers to inject SQL commands to access or modify data. No exploitation details, affected v...
CVE-2022-2019
CVE-2022-2019 affects SourceCodester Prison Management System 1.0, specifically the New User Creation component via the /classes/Users.php?f=save endpoint. The underlying issue is improper authorization, enabling remote exploitation. Multiple sources confirm a critical severit y with public explo...
CVE-2022-32403
CVE-2022-32403 affects Prison Management System v1.0. The vulnerability is a SQL injection in the /pms/admin/inmates/manage_record.php endpoint, triggered by the id parameter due to unsafely assembled SQL queries. The issue enables access to or manipulation of database data and is described with ...
CVE-2022-32404
CVE-2022-32404 affects Prison Management System v1.0, with a SQL injection in the id parameter of /pms/admin/inmates/manage_inmate.php. The root cause is unsafely handled user input in the id field, enabling arbitrary SQL execution and potential data disclosure or modification. The vulnerability ...
CVE-2022-2018
CVE-2022-2018 impacts SourceCodester Prison Management System 1.0. The Inmate Handler’s /admin/?page=inmates/view_inmate endpoint is vulnerable where the id parameter can be manipulated to perform SQL injection. The attack can be launched remotely, and public disclosure of the exploit is noted. T...
CVE-2022-32391
The CVE-2022-32391 entry relates to Prison Management System v1.0, which contains a SQL injection vulnerability in the id parameter of /pms/admin/actions/view_action.php (line 4). The root cause is lack of proper escaping/filtering for the id input, enabling potentially unauthorized access to dat...
CVE-2022-32398
CVE-2022-32398 affects Prison Management System v1.0. The vulnerability is a SQL injection via the id parameter in /pms/admin/cells/manage_cell.php:4, caused by inadequate input filtering. Consequences, as described across connected sources, include exposure of sensitive data due to arbitrary SQL...
CVE-2022-32401
Affected software: Prison Management System v1.0. Vulnerability type: SQL injection in the /pms/admin/inmates/manage_privilege.php endpoint via the id parameter. Root cause: lack of proper input filtering/escaping leading to injection. Impact (as stated): not explicitly quantified in the connecte...
CVE-2022-32402
CVE-2022-32402 concerns a SQL injection in the Prison Management System v1.0. The vulnerability is triggered through the id parameter in /pms/admin/prisons/manage_prison.php, allowing potentially unauthorized data access. Public sources consistently describe the issue as a SQL injection originati...
CVE-2024-7813
CVE-2024-7813 affects SourceCodester Prison Management System 1.0, specifically the Profile Image Handler via /uploadImage/Profile/. The issue arises from unknown processing of the profile image file, leading to credentials that are insufficiently protected. Exploitation is possible remotely and ...
CVE-2022-2017
The CVE-2022-2017 entry concerns SourceCodester Prison Management System 1.0. A SQL injection vulnerability exists in the Visit Handler component, specifically in the /pms/admin/visits/view_visit.php path where the id parameter can be manipulated (example payload: 2%27and%201=2%20union%20select%2...
CVE-2022-2020
CVE-2022-2020 (SourceCodester Prison Management System 1.0) involves a cross-site scripting vulnerability in the unknown functionality of the file /admin/?page=system_info within the System Name Handler component. The issue is triggered by input like , enabling remote exploitation and potentially...