CVE-2022-36198

Name of the Vulnerable Software and Affected Versions Bus Pass Management System version 1.0

Description Multiple SQL injections were detected in the Bus Pass Management System. The issue affects several API endpoints, including "buspassms/admin/view-enquiry.php", "buspassms/admin/pass-bwdates-reports-details.php", "buspassms/admin/changeimage.php", "buspassms/admin/search-pass.php", "buspassms/admin/edit-category-detail.php", and "buspassms/admin/edit-pass-detail.php".

Recommendations As a temporary workaround, consider disabling access to the affected API endpoints until a patch is available. Restrict input to prevent SQL injection attacks on the view-enquiry.php, pass-bwdates-reports-details.php, changeimage.php, search-pass.php, edit-category-detail.php, and edit-pass-detail.php endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.