Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Home_owners_collection_management_system
(Home_owners_collection_management_system_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-26 | CVE-2022-25094 | Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. | Home_owners_collection_management_system | 8.8 | ||
| 2022-02-26 | CVE-2022-25095 | Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. | Home_owners_collection_management_system | 9.8 | ||
| 2022-02-26 | CVE-2022-25096 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | Home_owners_collection_management_system | 9.8 | ||
| 2022-02-28 | CVE-2022-25028 | Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. | Home_owners_collection_management_system | 6.1 | ||
| 2022-03-02 | CVE-2022-25016 | Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | Home_owners_collection_management_system | 9.8 | ||
| 2022-03-02 | CVE-2022-25045 | Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | Home_owners_collection_management_system | 9.8 | ||
| 2022-03-02 | CVE-2022-25115 | A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. | Home_owners_collection_management_system | 7.8 | ||
| 2022-04-21 | CVE-2022-28415 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection. | Home_owners_collection_management_system | 9.8 | ||
| 2022-04-21 | CVE-2022-28414 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member. | Home_owners_collection_management_system | 9.8 | ||
| 2022-04-21 | CVE-2022-28417 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase. | Home_owners_collection_management_system | 9.8 |