Dig-Bick

#12561of 53,622
21.6Total CVSS
Vulnerabilities · 3
High
3
PT-2022-26730
7.2
2022-11-07
Unknown · Online Tours & Travels Management System · CVE-2022-43050
**Name of the Vulnerable Software and Affected Versions** Online Tours & Travels Management System version 1.0 **Description** The issue is related to an arbitrary file upload vulnerability in the `update profile.php` component. This allows attackers to execute arbitrary code via a crafted PHP file. **Recommendations** For Online Tours & Travels Management System version 1.0, consider disabling the `update profile.php` component until a patch is available to prevent arbitrary file uploads. Restrict access to this component to minimize the risk of exploitation. Avoid using this component to upload files until the issue is resolved.
PT-2022-26731
7.2
2022-11-07
Unknown · Online Diagnostic Lab Management System · CVE-2022-43051
**Name of the Vulnerable Software and Affected Versions** Online Diagnostic Lab Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/odlms/classes/Users.php?f=delete test" API endpoint. **Recommendations** For Online Diagnostic Lab Management System version 1.0, as a temporary workaround, consider restricting access to the "/odlms/classes/Users.php?f=delete test" API endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-26732
7.2
2022-11-07
Unknown · Online Diagnostic Lab Management System · CVE-2022-43052
**Name of the Vulnerable Software and Affected Versions** Online Diagnostic Lab Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/odlms/classes/Users.php?f=delete" API endpoint. **Recommendations** For Online Diagnostic Lab Management System version 1.0, avoid using the `id` parameter in the "/odlms/classes/Users.php?f=delete" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the Users.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.