VYPR
Vendor

asith-eranga

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2022-30528CriDec 1, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.

  • CVE-2022-28607HigDec 1, 2022
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.

  • CVE-2022-30529HigNov 22, 2022
    risk 0.47cvss 7.2epss 0.01

    File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/up…