Lucene search
K
Prison Management System ProjectPrison Management System

20 matches found

CVE
CVE
added 2022/06/24 1:10 a.m.69 views

CVE-2022-32400

The CVE-2022-32400 issue affects Prison Management System v1.0, where SQL injection is possible via the id parameter in /pms/admin/user/manage_user.php. The root cause, as described in multiple sources, is a lack of input filtering/escaping, allowing an attacker to inject SQL commands to access o...

7.2CVSS7.2AI score0.01155EPSS
Web
CVE
CVE
added 2022/06/24 1:5 a.m.67 views

CVE-2022-32395

CVE-2022-32395 affects Prison Management System v1.0. The vulnerability is a SQL injection in the application layer, exploitable via the id parameter in /pms/admin/crimes/manage_crime.php, caused by lack of input filtering/escaping for the id value (CNVD-2022-48391 reference corroborates this). C...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:15 a.m.67 views

CVE-2022-32405

CVE-2022-32405 affects Prison Management System v1.0. The vulnerability is a SQL injection in the parameter id of /pms/admin/prisons/view_prison.php:4, caused by lack of SQL data filtering/escaping. Consequences described in connected sources include the potential to access or exfiltrate sensitiv...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:6 a.m.65 views

CVE-2022-32396

CVE-2022-32396 affects Prison Management System v1.0, with a SQL injection in /pms/admin/visits/manage_visit.php:4 via the id parameter. Root cause: lack of input filtering/escaping enabling arbitrary SQL execution. Documented impact includes data exposure (partial/confidentiality/integity/availa...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:7 a.m.65 views

CVE-2022-32397

CVE-2022-32397 affects Prison Management System v1.0. A SQL injection vulnerability exists in the parameter 'id' exposed by /pms/admin/visits/view_visit.php (line 4). The issue allows arbitrary SQL commands via unfiltered input, potentially exposing sensitive data. Public references in connected ...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:2 a.m.63 views

CVE-2022-32392

CVE-2022-32392 affects Prison Management System v1.0. The vulnerability is a SQL injection in the admin action path, exploitable via the id parameter in /pms/admin/actions/manage_action.php (line 4). Public docs consistently describe lack of input filtering on id, enabling potentially unauthorize...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:4 a.m.61 views

CVE-2022-32394

CVE-2022-32394 affects Prison Management System v1.0. A SQL injection vulnerability exists in the /pms/admin/inmates/view_inmate.php:3 endpoint via the id parameter, caused by insufficient input filtering. This is documented across multiple sources (NVD, Red Hat, CNVD, CNVD variants) and explicit...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:9 a.m.60 views

CVE-2022-32399

CVE-2022-32399 : The Prison Management System v1.0 is affected by a SQL injection in the /pms/admin/crimes/view_crime.php:4 endpoint, via the vulnerable id parameter. The root cause is unsanitized input in the id field, allowing an attacker to craft SQL payloads. The CVSS information shows a high...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:4 a.m.59 views

CVE-2022-32393

Prison Management System v1.0 contains a SQL injection vulnerability via the id parameter in /pms/admin/cells/view_cell.php:4. The issue arises from insufficient input handling/filter escaping, enabling attackers to inject SQL commands to access or modify data. No exploitation details, affected v...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/07 11:5 a.m.58 views

CVE-2022-2019

CVE-2022-2019 affects SourceCodester Prison Management System 1.0, specifically the New User Creation component via the /classes/Users.php?f=save endpoint. The underlying issue is improper authorization, enabling remote exploitation. Multiple sources confirm a critical severit y with public explo...

7.5CVSS7.5AI score0.00732EPSS
Web
CVE
CVE
added 2022/06/24 1:13 a.m.58 views

CVE-2022-32403

CVE-2022-32403 affects Prison Management System v1.0. The vulnerability is a SQL injection in the /pms/admin/inmates/manage_record.php endpoint, triggered by the id parameter due to unsafely assembled SQL queries. The issue enables access to or manipulation of database data and is described with ...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:14 a.m.58 views

CVE-2022-32404

CVE-2022-32404 affects Prison Management System v1.0, with a SQL injection in the id parameter of /pms/admin/inmates/manage_inmate.php. The root cause is unsafely handled user input in the id field, enabling arbitrary SQL execution and potential data disclosure or modification. The vulnerability ...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/07 11:5 a.m.57 views

CVE-2022-2018

CVE-2022-2018 impacts SourceCodester Prison Management System 1.0. The Inmate Handler’s /admin/?page=inmates/view_inmate endpoint is vulnerable where the id parameter can be manipulated to perform SQL injection. The attack can be launched remotely, and public disclosure of the exploit is noted. T...

7.5CVSS6.1AI score0.0075EPSS
Web
CVE
CVE
added 2022/06/24 1:1 a.m.57 views

CVE-2022-32391

The CVE-2022-32391 entry relates to Prison Management System v1.0, which contains a SQL injection vulnerability in the id parameter of /pms/admin/actions/view_action.php (line 4). The root cause is lack of proper escaping/filtering for the id input, enabling potentially unauthorized access to dat...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:8 a.m.57 views

CVE-2022-32398

CVE-2022-32398 affects Prison Management System v1.0. The vulnerability is a SQL injection via the id parameter in /pms/admin/cells/manage_cell.php:4, caused by inadequate input filtering. Consequences, as described across connected sources, include exposure of sensitive data due to arbitrary SQL...

8.8CVSS8.9AI score0.0118EPSS
Web
CVE
CVE
added 2022/06/24 1:11 a.m.56 views

CVE-2022-32401

Affected software: Prison Management System v1.0. Vulnerability type: SQL injection in the /pms/admin/inmates/manage_privilege.php endpoint via the id parameter. Root cause: lack of proper input filtering/escaping leading to injection. Impact (as stated): not explicitly quantified in the connecte...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2022/06/24 1:12 a.m.53 views

CVE-2022-32402

CVE-2022-32402 concerns a SQL injection in the Prison Management System v1.0. The vulnerability is triggered through the id parameter in /pms/admin/prisons/manage_prison.php, allowing potentially unauthorized data access. Public sources consistently describe the issue as a SQL injection originati...

8.8CVSS8.9AI score0.01171EPSS
Web
CVE
CVE
added 2024/08/15 3:0 a.m.53 views

CVE-2024-7813

CVE-2024-7813 affects SourceCodester Prison Management System 1.0, specifically the Profile Image Handler via /uploadImage/Profile/. The issue arises from unknown processing of the profile image file, leading to credentials that are insufficiently protected. Exploitation is possible remotely and ...

7.5CVSS5.4AI score0.00763EPSS
Web
CVE
CVE
added 2022/06/07 11:5 a.m.50 views

CVE-2022-2017

The CVE-2022-2017 entry concerns SourceCodester Prison Management System 1.0. A SQL injection vulnerability exists in the Visit Handler component, specifically in the /pms/admin/visits/view_visit.php path where the id parameter can be manipulated (example payload: 2%27and%201=2%20union%20select%2...

7.2CVSS6.1AI score0.00678EPSS
Web
CVE
CVE
added 2022/06/07 11:5 a.m.49 views

CVE-2022-2020

CVE-2022-2020 (SourceCodester Prison Management System 1.0) involves a cross-site scripting vulnerability in the unknown functionality of the file /admin/?page=system_info within the System Name Handler component. The issue is triggered by input like , enabling remote exploitation and potentially...

4.8CVSS4.2AI score0.0058EPSS
Web