CVE-2022-29985

Name of the Vulnerable Software and Affected Versions Online Sports Complex Booking System version 1.0

Description The issue concerns a SQL Injection vulnerability. It can be exploited via the Master.php file, specifically through the delete category function. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the API endpoint /scbs/classes/Master.php?f=delete category.

Recommendations For Online Sports Complex Booking System version 1.0, consider restricting access to the delete category function in the Master.php file until a patch is available. Avoid using the f parameter in the affected API endpoint /scbs/classes/Master.php?f=delete category to minimize the risk of exploitation.