CVE-2022-28962

Name of the Vulnerable Software and Affected Versions Online Sports Complex Booking System version 1.0

Description The issue concerns a SQL Injection vulnerability. It can be exploited via the /scbs/classes/Users.php?f=delete client API endpoint. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Online Sports Complex Booking System version 1.0, consider disabling the delete client function in the /scbs/classes/Users.php file until a patch is available. Restrict access to the /scbs/classes/Users.php?f=delete client endpoint to minimize the risk of exploitation.