CVE-2022-29988

Name of the Vulnerable Software and Affected Versions Online Sports Complex Booking System version 1.0

Description The issue concerns a SQL Injection vulnerability via the Master.php file, specifically when the f parameter is set to delete. This vulnerability can be exploited through the /scbs/classes/Master.php?f=delete API endpoint. The f parameter is vulnerable, as indicated by f=delete.

Recommendations For Online Sports Complex Booking System version 1.0, consider disabling the delete function in the Master.php file as a temporary workaround until a patch is available. Restrict access to the /scbs/classes/Master.php?f=delete API endpoint to minimize the risk of exploitation. Avoid using the f parameter in the affected API endpoint until the issue is resolved.