Skip to main content

Online Sports Complex Booking System CVE-2022-29995

CRITICAL
SQL Injection (CWE-89)
2022-05-12 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 12, 2022 - 15:15 nvd
CRITICAL 9.8

DescriptionNVD

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=.

AnalysisAI

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. Affected products include: Online Sports Complex Booking System Project Online Sports Complex Booking System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2022-28093 CRITICAL POC
9.8 Apr 25

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which al

CVE-2022-28106 CRITICAL POC
9.8 May 20

Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POS

CVE-2022-28105 CRITICAL POC
9.8 May 20

Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id param

CVE-2022-28962 CRITICAL POC
9.8 May 19

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. Rat

CVE-2022-29994 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility

CVE-2022-29993 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=. R

CVE-2022-29992 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?i

CVE-2022-29990 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=

CVE-2022-29989 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking. R

CVE-2022-29988 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete. Rated cri

CVE-2022-29987 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=. Rate

CVE-2022-29986 CRITICAL POC
9.8 May 12

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility.

Share

CVE-2022-29995 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy