CVE-2022-28415

Name of the Vulnerable Software and Affected Versions Home Owners Collection Management System version 1.0

Description A SQL injection issue was found in the Home Owners Collection Management System. The vulnerability can be exploited via the /hocms/classes/Master.php API endpoint, specifically through the f parameter when set to delete collection.

Recommendations For Home Owners Collection Management System version 1.0, consider restricting access to the delete collection function in the Master.php file until a patch is available. As a temporary workaround, avoid using the f parameter with the delete collection value in the /hocms/classes/Master.php endpoint to minimize the risk of exploitation.