Hegeoo

#12552of 53,632
21.6Total CVSS
Vulnerabilities · 3
High
3
PT-2022-25828
7.2
2022-10-07
Unknown · Online Pet Shop We App · CVE-2022-41377
**Name of the Vulnerable Software and Affected Versions** Online Pet Shop We App version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/pet shop/admin/?page=maintenance/manage category" API endpoint. **Recommendations** For Online Pet Shop We App version 1.0, consider restricting access to the "/pet shop/admin/?page=maintenance/manage category" API endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-25829
7.2
2022-10-07
Unknown · Online Pet Shop We App · CVE-2022-41378
**Name of the Vulnerable Software and Affected Versions** Online Pet Shop We App version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/pet shop/admin/?page=inventory/manage inventory" API endpoint. **Recommendations** For Online Pet Shop We App version 1.0, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/pet shop/admin/?page=inventory/manage inventory" endpoint to minimize the risk of exploitation.
PT-2022-25830
7.2
2022-10-07
Unknown · Online Leave Management System · CVE-2022-41379
**Name of the Vulnerable Software and Affected Versions** Online Leave Management System version 1.0 **Description** The issue concerns an arbitrary file upload vulnerability in the component /leave system/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. **Recommendations** For Online Leave Management System version 1.0, consider disabling the file upload functionality in the /leave system/classes/Users.php?f=save component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using this component for file uploads until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.