Skip to main content

Online Sports Complex Booking System CVE-2022-28106

CRITICAL
Improper Authentication (CWE-287)
2022-05-20 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 20, 2022 - 13:15 nvd
CRITICAL 9.8

DescriptionNVD

Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request.

AnalysisAI

Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. Affected products include: Online Sports Complex Booking System Project Online Sports Complex Booking System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2022-28093 CRITICAL POC
9.8 Apr 25

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which al

CVE-2022-28105 CRITICAL POC
9.8 May 20

Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id param

CVE-2022-28962 CRITICAL POC
9.8 May 19

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. Rat

CVE-2022-29995 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=.

CVE-2022-29994 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility

CVE-2022-29993 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=. R

CVE-2022-29992 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?i

CVE-2022-29990 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=

CVE-2022-29989 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking. R

CVE-2022-29988 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete. Rated cri

CVE-2022-29987 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=. Rate

CVE-2022-29986 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility.

Share

CVE-2022-28106 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy