VYPR

isic

by asith-eranga

CVEs (2)

  • CVE-2022-30528CriDec 1, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.

  • CVE-2022-30529HigNov 22, 2022
    risk 0.47cvss 7.2epss 0.01

    File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/up…