Skip to main content
CVE-2022-28439 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28438 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=User&userid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28437 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28436 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Hide&userid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28435 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28433 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28432 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28431 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28429 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28427 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28426 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=edit&roleid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28425 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28424 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28423 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28422 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28421 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28420 CRITICAL POC Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28417 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Home Owners Collection Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28416 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Home Owners Collection Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28415 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Home Owners Collection Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28414 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Home Owners Collection Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28413 CRITICAL POC Act Now

Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_enrollment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Driving School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28412 CRITICAL POC Act Now

Car Driving School Managment System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Driving School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28411 CRITICAL POC Act Now

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manage_agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Real Estate Portal System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28410 CRITICAL POC Act Now

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=delete_agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Real Estate Portal System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28030 CRITICAL POC Act Now

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_estate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Real Estate Portal System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28029 CRITICAL POC Act Now

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Real Estate Portal System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28028 CRITICAL POC Act Now

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_amenity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Real Estate Portal System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28026 CRITICAL POC Act Now

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Grading System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28025 CRITICAL POC Act Now

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Grading System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28024 CRITICAL POC Act Now

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Grading System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28023 CRITICAL POC Act Now

Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Purchase Order Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-28022 CRITICAL POC Act Now

Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Purchase Order Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-28021 CRITICAL POC THREAT Act Now

Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Purchase Order Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
24.3%
CVE-2022-0272 CRITICAL POC PATCH Act Now

Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Detekt
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28434 CRITICAL Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-28443 CRITICAL Act Now

UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ucms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy