Vulnerabilites related to prison_management_system_project - prison_management_system
CVE-2022-32402 (GCVE-0-2022-32402)
Vulnerability from cvelistv5
Published
2022-06-24 01:12
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32402.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32402.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/prisons/manage_prison.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:12:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32402.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/prisons/manage_prison.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32402.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32402.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32402",
"datePublished": "2022-06-24T01:12:58",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32393 (GCVE-0-2022-32393)
Vulnerability from cvelistv5
Published
2022-06-24 01:04
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/cells/view_cell.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:04:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/cells/view_cell.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32393",
"datePublished": "2022-06-24T01:04:10",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32403 (GCVE-0-2022-32403)
Vulnerability from cvelistv5
Published
2022-06-24 01:13
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32403.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32403.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/manage_record.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:13:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32403.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/manage_record.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32403.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32403.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32403",
"datePublished": "2022-06-24T01:13:47",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2019 (GCVE-0-2022-2019)
Vulnerability from cvelistv5
Published
2022-06-07 11:05
Modified
2025-04-15 14:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md | x_refsource_MISC | |
| https://vuldb.com/?id.201367 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Prison Management System |
Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.201367"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2019",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:56:40.274369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:32:11.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Prison Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T11:05:21.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.201367"
}
],
"title": "SourceCodester Prison Management System New User Creation improper authorization",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-2019",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SourceCodester Prison Management System New User Creation improper authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prison Management System",
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "SourceCodester"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "7.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md",
"refsource": "MISC",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md"
},
{
"name": "https://vuldb.com/?id.201367",
"refsource": "MISC",
"url": "https://vuldb.com/?id.201367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-2019",
"datePublished": "2022-06-07T11:05:21.000Z",
"dateReserved": "2022-06-07T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:32:11.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32395 (GCVE-0-2022-32395)
Vulnerability from cvelistv5
Published
2022-06-24 01:05
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32395.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32395.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/crimes/manage_crime.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:05:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32395.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/crimes/manage_crime.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32395.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32395.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32395",
"datePublished": "2022-06-24T01:05:46",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32401 (GCVE-0-2022-32401)
Vulnerability from cvelistv5
Published
2022-06-24 01:11
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32401.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32401.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/manage_privilege.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:11:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32401.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/manage_privilege.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32401.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32401.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32401",
"datePublished": "2022-06-24T01:11:04",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32400 (GCVE-0-2022-32400)
Vulnerability from cvelistv5
Published
2022-06-24 01:10
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32400.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32400.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/user/manage_user.php:4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:10:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32400.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/user/manage_user.php:4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32400.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32400.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32400",
"datePublished": "2022-06-24T01:10:24",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32396 (GCVE-0-2022-32396)
Vulnerability from cvelistv5
Published
2022-06-24 01:06
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32396.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32396.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/visits/manage_visit.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:06:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32396.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/visits/manage_visit.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32396.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32396.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32396",
"datePublished": "2022-06-24T01:06:34",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32404 (GCVE-0-2022-32404)
Vulnerability from cvelistv5
Published
2022-06-24 01:14
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32404.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32404.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/manage_inmate.php:3"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:14:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32404.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/manage_inmate.php:3"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32404.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32404.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32404",
"datePublished": "2022-06-24T01:14:43",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32399 (GCVE-0-2022-32399)
Vulnerability from cvelistv5
Published
2022-06-24 01:09
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32399.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32399.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/crimes/view_crime.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:09:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32399.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/crimes/view_crime.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32399.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32399.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32399",
"datePublished": "2022-06-24T01:09:21",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32397 (GCVE-0-2022-32397)
Vulnerability from cvelistv5
Published
2022-06-24 01:07
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32397.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32397.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/visits/view_visit.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:07:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32397.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/visits/view_visit.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32397.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32397.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32397",
"datePublished": "2022-06-24T01:07:46",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32398 (GCVE-0-2022-32398)
Vulnerability from cvelistv5
Published
2022-06-24 01:08
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32398.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32398.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/cells/manage_cell.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:08:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32398.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/cells/manage_cell.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32398.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32398.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32398",
"datePublished": "2022-06-24T01:08:34",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32392 (GCVE-0-2022-32392)
Vulnerability from cvelistv5
Published
2022-06-24 01:02
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/actions/manage_action.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:02:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/actions/manage_action.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32392",
"datePublished": "2022-06-24T01:02:58",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32405 (GCVE-0-2022-32405)
Vulnerability from cvelistv5
Published
2022-06-24 01:15
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/prisons/view_prison.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:15:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/prisons/view_prison.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32405",
"datePublished": "2022-06-24T01:15:27",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32394 (GCVE-0-2022-32394)
Vulnerability from cvelistv5
Published
2022-06-24 01:04
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/view_inmate.php:3"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:04:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/view_inmate.php:3"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32394",
"datePublished": "2022-06-24T01:04:59",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2017 (GCVE-0-2022-2017)
Vulnerability from cvelistv5
Published
2022-06-07 11:05
Modified
2025-04-15 14:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%292.md | x_refsource_MISC | |
| https://vuldb.com/?id.201365 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Prison Management System |
Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%292.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.201365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:54.493938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:32:35.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Prison Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T11:05:17.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%292.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.201365"
}
],
"title": "SourceCodester Prison Management System Visit view_visit.php sql injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-2017",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SourceCodester Prison Management System Visit view_visit.php sql injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prison Management System",
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "SourceCodester"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(SQLI)2.md",
"refsource": "MISC",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(SQLI)2.md"
},
{
"name": "https://vuldb.com/?id.201365",
"refsource": "MISC",
"url": "https://vuldb.com/?id.201365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-2017",
"datePublished": "2022-06-07T11:05:18.000Z",
"dateReserved": "2022-06-07T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:32:35.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32391 (GCVE-0-2022-32391)
Vulnerability from cvelistv5
Published
2022-06-24 01:01
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | x_refsource_MISC | |
| https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/actions/view_action.php:4"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T01:01:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/actions/view_action.php:4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"name": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md",
"refsource": "MISC",
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32391",
"datePublished": "2022-06-24T01:01:46",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2018 (GCVE-0-2022-2018)
Vulnerability from cvelistv5
Published
2022-06-07 11:05
Modified
2025-04-15 14:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%29.md | x_refsource_MISC | |
| https://vuldb.com/?id.201366 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Prison Management System |
Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%29.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.201366"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:51.585707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:32:22.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Prison Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T11:05:19.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%29.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.201366"
}
],
"title": "SourceCodester Prison Management System Inmate sql injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-2018",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SourceCodester Prison Management System Inmate sql injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prison Management System",
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "SourceCodester"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(SQLI).md",
"refsource": "MISC",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(SQLI).md"
},
{
"name": "https://vuldb.com/?id.201366",
"refsource": "MISC",
"url": "https://vuldb.com/?id.201366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-2018",
"datePublished": "2022-06-07T11:05:20.000Z",
"dateReserved": "2022-06-07T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:32:22.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7813 (GCVE-0-2024-7813)
Vulnerability from cvelistv5
Published
2024-08-15 03:00
Modified
2024-08-15 14:00
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.274709 | vdb-entry | |
| https://vuldb.com/?ctiid.274709 | signature, permissions-required | |
| https://vuldb.com/?submit.391358 | third-party-advisory | |
| https://github.com/CYB84/CVE_Writeup/blob/main/Directory%20Listing.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Prison Management System |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:prison_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "prison_management_system",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7813",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:58:08.844880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T14:00:08.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Profile Image Handler"
],
"product": "Prison Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raj Nandi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in SourceCodester Prison Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /uploadImage/Profile/ der Komponente Profile Image Handler. Mittels Manipulieren mit unbekannten Daten kann eine insufficiently protected credentials-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T03:00:08.118Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-274709 | SourceCodester Prison Management System Profile Image insufficiently protected credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.274709"
},
{
"name": "VDB-274709 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.274709"
},
{
"name": "Submit #391358 | SourceCodester Prison Management System 1.0 Exposure of Information Through Directory Listing",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.391358"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Directory%20Listing.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-14T20:40:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Prison Management System Profile Image insufficiently protected credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7813",
"datePublished": "2024-08-15T03:00:08.118Z",
"dateReserved": "2024-08-14T18:35:05.061Z",
"dateUpdated": "2024-08-15T14:00:08.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2020 (GCVE-0-2022-2020)
Vulnerability from cvelistv5
Published
2022-06-07 11:05
Modified
2025-04-15 14:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross Site Scripting
Summary
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md | x_refsource_MISC | |
| https://vuldb.com/?id.201368 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Prison Management System |
Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.201368"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:47.860787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:31:57.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Prison Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input \u003cimg src=\"\" onerror=\"alert(1)\"\u003e leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T11:05:23.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.201368"
}
],
"title": "SourceCodester Prison Management System System Name cross site scripting",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-2020",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SourceCodester Prison Management System System Name cross site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prison Management System",
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "SourceCodester"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input \u003cimg src=\"\" onerror=\"alert(1)\"\u003e leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "2.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(XSS).md",
"refsource": "MISC",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(XSS).md"
},
{
"name": "https://vuldb.com/?id.201368",
"refsource": "MISC",
"url": "https://vuldb.com/?id.201368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-2020",
"datePublished": "2022-06-07T11:05:23.000Z",
"dateReserved": "2022-06-07T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:31:57.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-06-09 16:15
Modified
2024-11-21 07:00
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.201367 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.201367 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Prison Management System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /classes/Users.php?f=save del componente New User Creation. La manipulaci\u00f3n conlleva a una autorizaci\u00f3n inapropiada. El ataque puede ser lanzado remotamente. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada"
}
],
"id": "CVE-2022-2019",
"lastModified": "2024-11-21T07:00:11.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T16:15:08.753",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.201367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System--.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.201367"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32396.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32396.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/visits/manage_visit.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/visits/manage_visit.php:4"
}
],
"id": "CVE-2022-32396",
"lastModified": "2024-11-21T07:06:18.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32396.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32396.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32398.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32398.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/cells/manage_cell.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/cells/manage_cell.php:4"
}
],
"id": "CVE-2022-32398",
"lastModified": "2024-11-21T07:06:18.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32398.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32398.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/view_inmate.php:3"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/inmates/view_inmate.php:3"
}
],
"id": "CVE-2022-32394",
"lastModified": "2024-11-21T07:06:17.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32394.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32400.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32400.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/user/manage_user.php:4."
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/user/manage_user.php:4"
}
],
"id": "CVE-2022-32400",
"lastModified": "2024-11-21T07:06:18.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32400.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32400.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32401.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32401.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/manage_privilege.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/inmates/manage_privilege.php:4"
}
],
"id": "CVE-2022-32401",
"lastModified": "2024-11-21T07:06:18.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32401.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32401.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32399.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32399.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/crimes/view_crime.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/crimes/view_crime.php:4"
}
],
"id": "CVE-2022-32399",
"lastModified": "2024-11-21T07:06:18.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.560",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32399.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32399.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/cells/view_cell.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/cells/view_cell.php:4"
}
],
"id": "CVE-2022-32393",
"lastModified": "2024-11-21T07:06:17.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32393.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/actions/manage_action.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/actions/manage_action.php:4"
}
],
"id": "CVE-2022-32392",
"lastModified": "2024-11-21T07:06:17.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32392.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/actions/view_action.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/actions/view_action.php:4"
}
],
"id": "CVE-2022-32391",
"lastModified": "2024-11-21T07:06:17.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32391.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-09 16:15
Modified
2024-11-21 07:00
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input \u003cimg src=\"\" onerror=\"alert(1)\"\u003e leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, clasificada como problem\u00e1tica, en SourceCodester Prison Management System versi\u00f3n 1.0. Este problema afecta a una funcionalidad desconocida del archivo /admin/?page=system_info del componente System Name Handler. La manipulaci\u00f3n con la entrada (img src=\"\" onerror=\"alert(1)\") conlleva a un ataque de tipo cross site scripting. El ataque puede ser lanzado remotamente. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada"
}
],
"id": "CVE-2022-2020",
"lastModified": "2024-11-21T07:00:11.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T16:15:08.813",
"references": [
{
"source": "cna@vuldb.com",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.201368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.201368"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32397.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32397.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/visits/view_visit.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/visits/view_visit.php:4"
}
],
"id": "CVE-2022-32397",
"lastModified": "2024-11-21T07:06:18.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32397.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32397.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32402.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32402.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/prisons/manage_prison.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/prisons/manage_prison.php:4"
}
],
"id": "CVE-2022-32402",
"lastModified": "2024-11-21T07:06:19.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32402.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32402.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-09 16:15
Modified
2024-11-21 07:00
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Prison Management System versi\u00f3n 1.0. Est\u00e1 afectada una funci\u00f3n desconocida del archivo /admin/?page=inmates/view_inmate del componente Inmate Handler. La manipulaci\u00f3n del argumento id con la entrada 1%27%20y%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ conlleva a una inyecci\u00f3n sql. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada"
}
],
"id": "CVE-2022-2018",
"lastModified": "2024-11-21T07:00:10.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T16:15:08.687",
"references": [
{
"source": "cna@vuldb.com",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%29.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.201366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%29.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.201366"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-09 16:15
Modified
2024-11-21 07:00
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en SourceCodester Prison Management System versi\u00f3n 1.0. Ha sido calificada como cr\u00edtica. Este problema afecta a alg\u00fan procesamiento desconocido del archivo /pms/admin/visits/view_visit.php del componente Visit Handler. La manipulaci\u00f3n del argumento id con la entrada 2%27y%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ conlleva a una inyecci\u00f3n sql. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada"
}
],
"id": "CVE-2022-2017",
"lastModified": "2024-11-21T07:00:10.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T16:15:08.627",
"references": [
{
"source": "cna@vuldb.com",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%292.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.201365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28SQLI%292.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.201365"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-15 03:15
Modified
2024-08-19 18:16
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/CYB84/CVE_Writeup/blob/main/Directory%20Listing.md | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.274709 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.274709 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.391358 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Prison Management System 1.0 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /uploadImage/Profile/ del componente Profile Image Handler. La manipulaci\u00f3n conduce a credenciales insuficientemente protegidas. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"id": "CVE-2024-7813",
"lastModified": "2024-08-19T18:16:48.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-08-15T03:15:06.140",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Directory%20Listing.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.274709"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.274709"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.391358"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32404.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32404.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/manage_inmate.php:3"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/inmates/manage_inmate.php:3"
}
],
"id": "CVE-2022-32404",
"lastModified": "2024-11-21T07:06:19.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32404.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32404.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/prisons/view_prison.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/prisons/view_prison.php:4"
}
],
"id": "CVE-2022-32405",
"lastModified": "2024-11-21T07:06:19.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.833",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32395.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32395.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/crimes/manage_crime.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/crimes/manage_crime.php:4"
}
],
"id": "CVE-2022-32395",
"lastModified": "2024-11-21T07:06:18.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32395.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32395.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 02:15
Modified
2024-11-21 07:06
Severity ?
Summary
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32403.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32403.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| prison_management_system_project | prison_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the \u0027id\u0027 parameter at /pms/admin/inmates/manage_record.php:4"
},
{
"lang": "es",
"value": "Se ha detectado que Prison Management System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro \"id\" en el archivo /pms/admin/inmates/manage_record.php:4"
}
],
"id": "CVE-2022-32403",
"lastModified": "2024-11-21T07:06:19.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T02:15:07.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32403.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32403.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}