Isic.lk Project: >> Isic.lk Security Vulnerabilities
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-12-01
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-12-01
File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-22