Vendor CVEs
Oretnom23
All CVEs
440 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31346 | | | 0.00 | — | 0.01 | | Jun 1, 2022 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. |
| CVE-2022-31347 | | | 0.00 | — | 0.01 | | Jun 1, 2022 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. |
| CVE-2022-31350 | | | 0.00 | — | 0.01 | | Jun 1, 2022 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. |
| CVE-2022-31351 | | | 0.00 | — | 0.01 | | Jun 1, 2022 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. |
| CVE-2022-31352 | | | 0.00 | — | 0.01 | | Jun 1, 2022 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. |
| CVE-2022-31353 | | | 0.00 | — | 0.01 | | Jun 1, 2022 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. |
| CVE-2022-31354 | | | 0.00 | — | 0.01 | | Jun 1, 2022 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. |
| CVE-2022-30799 | | | 0.00 | — | 0.01 | | May 31, 2022 | Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. |
| CVE-2022-30798 | | | 0.00 | — | 0.01 | | May 31, 2022 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. |
| CVE-2022-30797 | | | 0.00 | — | 0.01 | | May 31, 2022 | Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. |
| CVE-2022-30795 | | | 0.00 | — | 0.01 | | May 31, 2022 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. |
| CVE-2022-30794 | | | 0.00 | — | 0.01 | | May 31, 2022 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. |
| CVE-2022-30423 | | | 0.00 | — | 0.02 | | May 27, 2022 | Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. |
| CVE-2022-30495 | | | 0.00 | — | 0.01 | | May 26, 2022 | In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation) |
| CVE-2022-30493 | | | 0.00 | — | 0.02 | | May 26, 2022 | In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation). |
| CVE-2022-30494 | | | 0.00 | — | 0.01 | | May 26, 2022 | In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. |
| CVE-2022-30463 | | | 0.00 | — | 0.01 | | May 24, 2022 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. |
| CVE-2022-30458 | | | 0.00 | — | 0.00 | | May 24, 2022 | Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. |
| CVE-2022-30016 | | | 0.00 | — | 0.01 | | May 23, 2022 | Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. |
| CVE-2022-30017 | | | 0.00 | — | 0.00 | | May 23, 2022 | Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. |
| CVE-2022-29652 | | | 0.00 | — | 0.01 | | May 19, 2022 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. |
| CVE-2022-29304 | | | 0.00 | — | 0.01 | | May 19, 2022 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. |
| CVE-2022-30386 | | | 0.00 | — | 0.01 | | May 13, 2022 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. |
| CVE-2022-30391 | | | 0.00 | — | 0.01 | | May 13, 2022 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. |
| CVE-2022-30392 | | | 0.00 | — | 0.01 | | May 13, 2022 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. |
| CVE-2022-30393 | | | 0.00 | — | 0.01 | | May 13, 2022 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. |
| CVE-2022-30396 | | | 0.00 | — | 0.01 | | May 13, 2022 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. |
| CVE-2022-30400 | | | 0.00 | — | 0.01 | | May 13, 2022 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. |
| CVE-2022-30402 | | | 0.00 | — | 0.01 | | May 13, 2022 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. |
| CVE-2022-30403 | | | 0.00 | — | 0.01 | | May 13, 2022 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. |
| CVE-2022-30367 | | | 0.00 | — | 0.01 | | May 13, 2022 | Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. |
| CVE-2022-30371 | | | 0.00 | — | 0.01 | | May 13, 2022 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=. |
| CVE-2022-30372 | | | 0.00 | — | 0.01 | | May 13, 2022 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo. |
| CVE-2022-29986 | | | 0.00 | — | 0.01 | | May 12, 2022 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility. |
| CVE-2022-29987 | | | 0.00 | — | 0.01 | | May 12, 2022 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=. |
| CVE-2022-29988 | | | 0.00 | — | 0.01 | | May 12, 2022 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete. |
| CVE-2022-29989 | | | 0.00 | — | 0.01 | | May 12, 2022 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking. |
| CVE-2022-29993 | | | 0.00 | — | 0.01 | | May 12, 2022 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=. |
| CVE-2022-29994 | | | 0.00 | — | 0.01 | | May 12, 2022 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=. |
| CVE-2022-29995 | | | 0.00 | — | 0.01 | | May 12, 2022 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. |
| CVE-2022-29750 | | | 0.00 | — | 0.02 | | May 12, 2022 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. |
| CVE-2022-29751 | | | 0.00 | — | 0.02 | | May 12, 2022 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. |
| CVE-2022-29981 | | | 0.00 | — | 0.02 | | May 12, 2022 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete. |
| CVE-2022-29979 | | | 0.00 | — | 0.02 | | May 12, 2022 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation. |
| CVE-2022-29980 | | | 0.00 | — | 0.02 | | May 12, 2022 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=. |
| CVE-2022-29982 | | | 0.00 | — | 0.02 | | May 12, 2022 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=. |
| CVE-2022-28078 | | | 0.00 | — | 0.01 | | May 11, 2022 | Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. |
| CVE-2021-43712 | | | 0.00 | — | 0.01 | | May 9, 2022 | Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. |
| CVE-2022-28025 | | | 0.00 | — | 0.01 | | Apr 21, 2022 | Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year. |
| CVE-2022-28024 | | | 0.00 | — | 0.01 | | Apr 21, 2022 | Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade. |
Page 8 of 9