Simple Cold Storage Management System Project: >> Simple Cold Storage Managment System >> 1.0 Security Vulnerabilities
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-28
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-28
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-11
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-12-21