Aggregates CVE and security vulnerability intelligence across all isic.lk_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection and vendor risk path handling; exposure may include vendor impact file overwrite and vendor impact data exposure in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-30528 | SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. | [email protected] | 9.8 | 0.47% | 2022-12-01 | 2025-04-24 |
| CVE-2022-28607 | An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php. | [email protected] | 7.5 | 0.30% | 2022-12-01 | 2025-04-24 |
| CVE-2022-30529 | File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. | [email protected] | 7.2 | 0.36% | 2022-11-22 | 2025-04-28 |