Shodan
Vulnerabilities
Vulnerable Software
Online Leave Management System Project:  >> Online Leave Management System  Security Vulnerabilities
CVE-2022-45008
Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-12-07
CVE-2022-45009
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-12-07
CVE-2022-43179
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-17
CVE-2022-41379
An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-07
CVE-2022-41355
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-06
CVE-2022-40926
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-09-26
CVE-2022-40927
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-09-26
CVE-2022-40928
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-09-26
CVE-2022-38302
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-09-12
CVE-2022-38303
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-09-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved