RSS   Vulnerabilities for
'Home owners collection management system'
   RSS

2022-05-11
 
CVE-2022-28077

CWE-79
 

 
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.

 
 
CVE-2022-28078

CWE-79
 

 
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.

 
2022-04-21
 
CVE-2022-28414

CWE-89
 

 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member.

 
 
CVE-2022-28415

CWE-89
 

 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection.

 
 
CVE-2022-28416

CWE-89
 

 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.

 
 
CVE-2022-28417

CWE-89
 

 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.

 
2022-03-02
 
CVE-2022-25045

CWE-798
 

 
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

 
 
CVE-2022-25016

CWE-434
 

 
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

 
2022-02-28
 
CVE-2022-25028

CWE-79
 

 
Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module.

 
 
CVE-2022-25029

CWE-89
 

 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter under /admin/?page=members/view_member&id=2.

 


Copyright 2024, cxsecurity.com

 

Back to Top