cbcvebase.

Event Management System Project Event Management System vulnerabilities

4 known vulnerabilities affecting event_management_system_project/event_management_system.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2022-28080P2HIGHCVSS 8.8PoCv1.02022-05-05
CVE-2022-28080 [HIGH] CWE-89 CVE-2022-28080: Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the t Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.
nvd
CVE-2022-1101P3CRITICALCVSS 9.8v1.02023-01-07
CVE-2022-1101 [CRITICAL] CWE-287 CVE-2022-1101: A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability.
nvd
CVE-2022-38323P3HIGHCVSS 7.2v1.02022-09-15
CVE-2022-38323 [HIGH] CWE-434 CVE-2022-38323: Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via th Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
nvd
CVE-2022-1102P4MEDIUMCVSS 6.1v1.02023-01-07
CVE-2022-1102 [MEDIUM] CWE-79 CVE-2022-1102: A vulnerability classified as problematic has been found in SourceCodester Royale Event Management S A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786
nvd
Event Management System Project Event Management System vulnerabilities | cvebase