Prison Management System Project Prison Management System vulnerabilities

20 known vulnerabilities affecting prison_management_system_project/prison_management_system.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

HIGH18MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2024-7813MEDIUMCVSS 6.9v1.02024-08-15

CVE-2024-7813 [MEDIUM] CWE-522 CVE-2024-7813: A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Manage A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has b

nvd

CVE-2022-32397HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32397 [HIGH] CWE-89 CVE-2022-32397: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4

nvd

CVE-2022-32400HIGHCVSS 7.2v1.02022-06-24

CVE-2022-32400 [HIGH] CWE-89 CVE-2022-32400: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4.

nvd

CVE-2022-32398HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32398 [HIGH] CWE-89 CVE-2022-32398: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4

nvd

CVE-2022-32402HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32402 [HIGH] CWE-89 CVE-2022-32402: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4

nvd

CVE-2022-32405HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32405 [HIGH] CWE-89 CVE-2022-32405: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4

nvd

CVE-2022-32396HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32396 [HIGH] CWE-89 CVE-2022-32396: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4

nvd

CVE-2022-32391HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32391 [HIGH] CWE-89 CVE-2022-32391: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4

nvd

CVE-2022-32393HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32393 [HIGH] CWE-89 CVE-2022-32393: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4

nvd

CVE-2022-32392HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32392 [HIGH] CWE-89 CVE-2022-32392: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4

nvd

CVE-2022-32394HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32394 [HIGH] CWE-89 CVE-2022-32394: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3

nvd

CVE-2022-32404HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32404 [HIGH] CWE-89 CVE-2022-32404: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3

nvd

CVE-2022-32399HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32399 [HIGH] CWE-89 CVE-2022-32399: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4

nvd

CVE-2022-32401HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32401 [HIGH] CWE-89 CVE-2022-32401: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4

nvd

CVE-2022-32395HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32395 [HIGH] CWE-89 CVE-2022-32395: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4

nvd

CVE-2022-32403HIGHCVSS 8.8v1.02022-06-24

CVE-2022-32403 [HIGH] CWE-89 CVE-2022-32403: Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' p Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4

nvd

CVE-2022-2019HIGHCVSS 7.5v1.02022-06-09

CVE-2022-2019 [HIGH] CWE-285 CVE-2022-2019: A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Aff A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the

nvd

CVE-2022-2017HIGHCVSS 7.2v1.02022-06-09

CVE-2022-2017 [MEDIUM] CWE-89 CVE-2022-2017: A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as criti A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to s

nvd

CVE-2022-2018HIGHCVSS 7.2v1.02022-06-09

CVE-2022-2018 [MEDIUM] CWE-89 CVE-2022-2018: A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1

nvd

CVE-2022-2020MEDIUMCVSS 4.8v1.02022-06-09

CVE-2022-2020 [LOW] CWE-79 CVE-2022-2020: A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Manage A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input leads to cross site scripting. The attack may be launched remotely. The exploit

nvd