Online Sports Complex Booking System 1.0 Master.php sql injection

EntryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in Online Sports Complex Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file \scbs\classes\Master.php?f=delete_category. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	05/12/2022 06:40 PM	05/14/2022 06:19 PM
name	Online Sports Complex Booking System	Online Sports Complex Booking System
version	1.0	1.0
file	\scbs\classes\Master.php?f=delete_category	\scbs\classes\Master.php?f=delete_category
cwe	89 (sql injection)	89 (sql injection)
risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_rc	R	R
url	https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Online-Sports-Complex-Booking-System/SQLi-1.md	https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Online-Sports-Complex-Booking-System/SQLi-1.md
cve	CVE-2022-29985	CVE-2022-29985
cve_assigned	1651442400	1651442400
date	1652306400 (05/12/2022)	1652306400 (05/12/2022)
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_rc	UR	UR
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	X	X
cvss2_vuldb_basescore	6.5	6.5
cvss2_vuldb_tempscore	6.2	6.2
cvss3_vuldb_basescore	6.3	6.3
cvss3_vuldb_tempscore	6.1	6.1
cvss3_meta_basescore	6.3	6.3
cvss3_meta_tempscore	6.1	6.1
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category.

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!