MidnightBSD

Advisories for simple_task_scheduling_system_project

CVE-2022-30927 HIGH

A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0
CVE-2022-36674

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0
CVE-2022-36675

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0
CVE-2022-36676

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0
CVE-2022-36678

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0
CVE-2022-36679

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0
CVE-2022-36680

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0
CVE-2022-36681

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0
CVE-2022-36682

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0
CVE-2022-36683

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
simple_task_scheduling_system_project simple_task_scheduling_system 1.0