Vulnerabilities > Wedding Planner Project > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-14 CVE-2022-41538 Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Planner Project Wedding Planner 1.0
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php.
network
low complexity
wedding-planner-project CWE-434
8.8
8.8
2022-10-14 CVE-2022-41539 Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Planner Project Wedding Planner 1.0
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php.
network
low complexity
wedding-planner-project CWE-434
8.8
8.8
2022-10-11 CVE-2022-42034 Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Planner Project Wedding Planner 1.0
Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.
network
low complexity
wedding-planner-project CWE-434
8.8
8.8
2022-10-11 CVE-2022-42229 Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Planner Project Wedding Planner 1.0
Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.
network
low complexity
wedding-planner-project CWE-434
8.8
8.8
2022-09-26 CVE-2022-40402 SQL Injection vulnerability in Wedding Planner Project Wedding Planner 1.0
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php.
network
low complexity
wedding-planner-project CWE-89
8.8
8.8
2022-09-26 CVE-2022-40403 SQL Injection vulnerability in Wedding Planner Project Wedding Planner 1.0
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php.
network
low complexity
wedding-planner-project CWE-89
7.2
7.2
2022-09-26 CVE-2022-40404 SQL Injection vulnerability in Wedding Planner Project Wedding Planner 1.0
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php.
network
low complexity
wedding-planner-project CWE-89
8.8
8.8