Wedding Planner Project Wedding Planner — known CVE vulnerabilities
Every CVE whose affected-product data names Wedding Planner Project Wedding Planner, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2022-38509 — CVSS 9.8 (critical): Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.
CVE-2022-40483 — CVSS 9.8 (critical): Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php.
CVE-2022-40484 — CVSS 9.8 (critical): Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php.
CVE-2022-40485 — CVSS 9.8 (critical): Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php.
CVE-2022-40402 — CVSS 8.8 (high): Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php.
CVE-2022-41538 — CVSS 8.8 (high): Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_…
CVE-2022-41539 — CVSS 8.8 (high): Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This…
CVE-2022-40404 — CVSS 8.8 (high): Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php.
CVE-2022-40403 — CVSS 7.2 (high): Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php.