RSS   Vulnerabilities for
'Simple cold storage managment system'
   RSS

2022-10-28
 
CVE-2022-43229

CWE-89
 

 
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php.

 
 
CVE-2022-43230

CWE-89
 

 
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details.

 
2021-12-21
 
CVE-2021-45253

CWE-89
 

 
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.

 

 >>> Vendor: Simple cold storage management system project 2 Products
Simple cold storage managment system
Simple cold storage management system


Copyright 2024, cxsecurity.com

 

Back to Top