PT-2022-19757 · Unknown · Online Sports Complex Booking System

Published: 2022-05-19 · Updated: 2023-08-08 · CVE-2022-29652

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Online Sports Complex Booking System version 1.0

Description

The issue concerns SQL Injection via the "/scbs/classes/Users.php?f=save client" endpoint. This allows for potential manipulation of database queries, which could lead to unauthorized access or data modification.

Recommendations

For Online Sports Complex Booking System version 1.0, consider disabling the save client function in the Users.php file as a temporary workaround until a patch is available. Restrict access to the "/scbs/classes/Users.php?f=save client" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-29652

Affected Products

Online Sports Complex Booking System