Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30529 | 1 Isic.lk Project | 1 Isic.lk | 2024-11-21 | N/A | 7.2 HIGH |
| File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. | |||||
| CVE-2022-30528 | 1 Isic.lk Project | 1 Isic.lk | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. | |||||
| CVE-2022-28607 | 1 Isic.lk Project | 1 Isic.lk | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php. | |||||