4 matches found
CVE-2022-43230
CVE-2022-43230 affects Simple Cold Storage Management System v1.0. The vulnerability is an SQL injection in the id parameter of /admin/?page=bookings/view_details. The attached metrics indicate CVSS v3.1 base score 7.2 (HIGH) with Network attack vector, Low attack complexity, Privileges required ...
CVE-2022-42230
CVE-2022-42230 affects Simple Cold Storage Management System v1.0. The vulnerability is a SQL injection in the id parameter of the web API endpoint at /csms/admin/?page=user/manage_user&id=, reported across multiple feeds. The advisory data from connected documents indicate a potential PoC exists and ...
CVE-2022-43229
CVE-2022-43229 pertains to a SQL injection vulnerability in Simple Cold Storage Management System v1.0, exploitable via the id parameter on the /bookings/update_status.php endpoint. The root cause is unauthenticated/non-validated input being used in a SQL query, enabling an attacker to view, modi...
CVE-2021-45253
The CVE-2021-45253 entry concerns Simple Cold Storage Management System 1.0. The vulnerability is in the id parameter of view_storage.php, allowing SQL injection. A payload injected a SQL sub-query invoking MySQL load_file with a UNC path referencing an external URL, and the application interacte...