First published: Mon Aug 22 2022
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Bus Pass Management System | =1.0 | |
The severity of CVE-2022-36198 is considered high due to the potential for unauthorized access and data manipulation through SQL injection vulnerabilities.
To fix CVE-2022-36198, validate and sanitize user inputs, use prepared statements for database queries, and apply updates to the Bus Pass Management System if available.
CVE-2022-36198 affects Bus Pass Management System version 1.0 developed by both Bus Pass Management System Project and Phpgurukul.
CVE-2022-36198 can be exploited by an attacker injecting malicious SQL queries through vulnerable parameters in the affected PHP files.
Common files involved in CVE-2022-36198 include view-enquiry.php, pass-bwdates-reports-details.php, changeimage.php, search-pass.php, edit-category-detail.php, and edit-pass-detail.php.