Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-2749

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-11 Aug, 2022 | 04:56
Updated At-15 Apr, 2025 | 13:53
Rejected At-
Credits

SourceCodester Gym Management System unrestricted upload

A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:11 Aug, 2022 | 04:56
Updated At:15 Apr, 2025 | 13:53
Rejected At:
▼CVE Numbering Authority (CNA)
SourceCodester Gym Management System unrestricted upload

A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability.

Affected Products
Vendor
SourceCodesterSourceCodester
Product
Gym Management System
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Blythe-LU/Record3/blob/main/Gym%20Management%20System%20Project-%20Arbitrary%20file%20upload%20vulnerability.md
x_refsource_MISC
https://vuldb.com/?id.206017
x_refsource_MISC
Hyperlink: https://github.com/Blythe-LU/Record3/blob/main/Gym%20Management%20System%20Project-%20Arbitrary%20file%20upload%20vulnerability.md
Resource:
x_refsource_MISC
Hyperlink: https://vuldb.com/?id.206017
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Blythe-LU/Record3/blob/main/Gym%20Management%20System%20Project-%20Arbitrary%20file%20upload%20vulnerability.md
x_refsource_MISC
x_transferred
https://vuldb.com/?id.206017
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/Blythe-LU/Record3/blob/main/Gym%20Management%20System%20Project-%20Arbitrary%20file%20upload%20vulnerability.md
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://vuldb.com/?id.206017
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:11 Aug, 2022 | 05:15
Updated At:15 Aug, 2022 | 19:33

A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Adrian Mercurio
gym_management_system_project
>>gym_management_system>>-
cpe:2.3:a:gym_management_system_project:gym_management_system:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarycna@vuldb.com
CWE ID: CWE-434
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Blythe-LU/Record3/blob/main/Gym%20Management%20System%20Project-%20Arbitrary%20file%20upload%20vulnerability.mdcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?id.206017cna@vuldb.com
Third Party Advisory
Hyperlink: https://github.com/Blythe-LU/Record3/blob/main/Gym%20Management%20System%20Project-%20Arbitrary%20file%20upload%20vulnerability.md
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?id.206017
Source: cna@vuldb.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1075Records found
CVE-2025-0294
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.08% / 25.10%
||
7 Day CHG+0.02%
Published-07 Jan, 2025 | 13:31
Updated-29 Apr, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Home Clean Services Management System process.php sql injection

A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation of the argument type/length/business leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-acetechSourceCodester
Product-home_clean_services_management_systemHome Clean Services Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8559
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.17% / 39.02%
||
7 Day CHG~0.00%
Published-07 Sep, 2024 | 17:31
Updated-10 Sep, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Food Menu delete-menu.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-online_food_menuOnline Food Menu
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9319
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.51%
||
7 Day CHG~0.00%
Published-28 Sep, 2024 | 23:31
Updated-01 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Timesheet App delete-timesheet.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Timesheet App 1.0. This affects an unknown part of the file /endpoint/delete-timesheet.php. The manipulation of the argument timesheet leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-online_timesheet_appOnline Timesheet Apponline_timesheet
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9317
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.51%
||
7 Day CHG~0.00%
Published-28 Sep, 2024 | 21:00
Updated-01 Oct, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop Master.php delete_category sql injection

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8560
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.70%
||
7 Day CHG~0.00%
Published-07 Sep, 2024 | 18:00
Updated-10 Sep, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Invoice Generator System save_invoice.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /save_invoice.php. The manipulation of the argument invoice_code/customer/cashier/total_amount/discount_percentage/discount_amount/tendered_amount leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_invoice_generator_systemSimple Invoice Generator System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9032
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.18%
||
7 Day CHG~0.00%
Published-20 Sep, 2024 | 13:00
Updated-20 Sep, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Forum-Discussion System index.php path traversal

A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_forum\/discussion_systemSimple Forum-Discussion System
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-9041
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.41%
||
7 Day CHG~0.00%
Published-20 Sep, 2024 | 16:31
Updated-27 Sep, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System ajax.php sql injection

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_house_rental_management_systemBest House Rental Management Systembest_house_rental_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8709
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 02:31
Updated-13 Sep, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System admin_class.php save_user sql injection

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_house_rental_management_systemBest House Rental Management Systembest_house_rental_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8949
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.07% / 76.87%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 19:00
Updated-23 Sep, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management

A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to improper ownership management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_eyewear_shopOnline Eyewear Shop
CWE ID-CWE-282
Improper Ownership Management
CVE-2024-9315
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.51%
||
7 Day CHG~0.00%
Published-28 Sep, 2024 | 19:00
Updated-01 Oct, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee and Visitor Gate Pass Logging System manage_department.php sql injection

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_and_visitor_gate_pass_logging_systemEmployee and Visitor Gate Pass Logging System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7810
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.40%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 02:00
Updated-11 Jul, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System view_itprofile.php sql injection

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/view_itprofile.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tamparongj03SourceCodestertamparongj_03
Product-online_graduate_tracer_systemOnline Graduate Tracer Systemonline_graduate_tracer_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7931
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.83%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 22:00
Updated-18 Feb, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System view_csprofile.php sql injection

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects some unknown processing of the file /tracking/admin/view_csprofile.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tamparongj03SourceCodestertamparongj_03
Product-online_graduate_tracer_systemOnline Graduate Tracer Systemonline_graduate_tracer_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7308
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.36%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 09:00
Updated-13 Aug, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System view_bill.php sql injection

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_bill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273200.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7373
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.36%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 00:00
Updated-07 Aug, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Realtime Quiz System ajax.php sql injection

A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=load_answered. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273357 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_realtime_quiz_systemSimple Realtime Quiz Systemsimple_realtime_quiz_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7949
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 02:00
Updated-18 Feb, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System fetch_genderit.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Graduate Tracer System up to 1.0. Affected is an unknown function of the file /tracking/admin/fetch_genderit.php. The manipulation of the argument request leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tamparongj03SourceCodestertamparongj_03
Product-online_graduate_tracer_systemOnline Graduate Tracer Systemonline_graduate_tracer_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7306
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.36%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:00
Updated-12 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System manage_block.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Establishment Billing Management System 1.0. Affected is an unknown function of the file /manage_block.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273198 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7930
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.22%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 22:00
Updated-03 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Clinics Patient Management System get_packings.php sql injection

A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-clinic_patient_management_systemClinics Patient Management Systemclinics_patient_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7290
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.11%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 06:00
Updated-13 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System manage_tenant.php sql injection

A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273159.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7307
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.83%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:31
Updated-13 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System manage_billing.php sql injection

A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_billing.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273199.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7289
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.36%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 05:31
Updated-13 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System manage_payment.php sql injection

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_payment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273158 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7287
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 04:31
Updated-12 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System manage_user.php sql injection

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273156.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7283
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 02:31
Updated-08 Aug, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Lot Reservation Management System manage_user.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Lot Reservation Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273152.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-lot_reservation_management_systemLot Reservation Management Systemlot_reservation_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7288
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 05:00
Updated-12 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System sql injection

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_block. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273157 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7371
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.36%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 23:00
Updated-07 Aug, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Realtime Quiz System quiz_view.php sql injection

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quiz_view.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273355.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_realtime_quiz_systemSimple Realtime Quiz Systemsimple_realtime_quiz_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7370
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.62%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 22:31
Updated-07 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Realtime Quiz System manage_quiz.php sql injection

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_quiz.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273354 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_realtime_quiz_systemSimple Realtime Quiz Systemsimple_realtime_quiz_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8083
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.03%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 22:00
Updated-27 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Computer and Laptop Store Master.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /php-ocls/classes/Master.php?f=pay_order. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_computer_and_laptop_storeOnline Computer and Laptop Storeonline_computer_and_laptop_store
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7792
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.87%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 18:31
Updated-20 Aug, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Task Progress Tracker delete-task.php sql injection

A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-task_progress_trackerTask Progress Trackertask_progress_tracker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6732
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 20.15%
||
7 Day CHG~0.00%
Published-14 Jul, 2024 | 22:31
Updated-26 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Study Center Desk Management System Users.php sql injection

A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-student_study_center_desk_management_systemStudent Study Center Desk Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6215
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 01:00
Updated-23 Aug, 2024 | 02:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering Management System view-ticket-admin.php sql injection

A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file view-ticket-admin.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269279.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-food_ordering_management_systemFood Ordering Management Systemfood_ordering_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6217
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 02:00
Updated-23 Aug, 2024 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering Management System user-router.php sql injection

A vulnerability classified as critical was found in SourceCodester Food Ordering Management System 1.0. Affected by this vulnerability is an unknown functionality of the file user-router.php. The manipulation of the argument 1_verified leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269281 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-food_ordering_management_systemFood Ordering Management Systemfood_ordering_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6652
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.88%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 23:00
Updated-17 Oct, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Gym Management System manage_member.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059.

Action-Not Available
Vendor-ITSourceCodeAdrian Mercurio
Product-gym_management_systemGym Management Systemgym_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6214
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 00:31
Updated-23 Aug, 2024 | 02:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering Management System add-item.php sql injection

A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file add-item.php. The manipulation of the argument price leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269278 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-food_ordering_management_systemFood Ordering Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7198
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 12:00
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Complaints Report Management System manage_station.php sql injection

A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. This affects an unknown part of the file /admin/manage_station.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272619.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-complaints_report_management_systemComplaints Report Management Systemcomplaints_report_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6905
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG-0.05%
Published-19 Jul, 2024 | 09:00
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System view_info_user.php sql injection

A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_info_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271930 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7165
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 17:31
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Fees Payment System view_payment.php sql injection

A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272579.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-school_fees_payment_systemSchool Fees Payment Systemschool_fees_payment_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6736
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG-0.02%
Published-15 Jul, 2024 | 00:31
Updated-21 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee and Visitor Gate Pass Logging System view_employee.php sql injection

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file view_employee.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271457 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_and_visitor_gate_pass_logging_systemEmployee and Visitor Gate Pass Logging Systememployee_visitor_gatepass_logging_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7166
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 18:00
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Fees Payment System receipt.php sql injection

A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-school_fees_payment_systemSchool Fees Payment Systemschool_fees_payment_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7167
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 18:31
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Fees Payment System manage_course.php sql injection

A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-school_fees_payment_systemSchool Fees Payment Systemschool_fees_payment_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6906
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG-0.05%
Published-19 Jul, 2024 | 09:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System add_leave_non_user.php sql injection

A vulnerability was found in SourceCodester Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file add_leave_non_user.php. The manipulation of the argument LSS leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271931.

Action-Not Available
Vendor-jkevSource Code & ProjectsSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6902
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.65%
||
7 Day CHG-0.09%
Published-19 Jul, 2024 | 07:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System sort_user.php sql injection

A vulnerability classified as critical was found in SourceCodester Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file sort_user.php. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271927.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6731
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 20.15%
||
7 Day CHG~0.00%
Published-14 Jul, 2024 | 22:00
Updated-26 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Study Center Desk Management System Master.php sql injection

A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-student_study_center_desk_management_systemStudent Study Center Desk Management Systemstudent_study_center_desk_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7168
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 19:00
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Fees Payment System manage_user.php sql injection

A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-school_fees_payment_systemSchool Fees Payment Systemschool_fees_payment_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6904
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG-0.05%
Published-19 Jul, 2024 | 08:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System sort2_user.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort2_user.php. The manipulation of the argument qualification leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271929 was assigned to this vulnerability.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7197
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.44%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 11:31
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Complaints Report Management System manage_complaint.php sql injection

A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-complaints_report_management_systemComplaints Report Management Systemcomplaints_report_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6903
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.65%
||
7 Day CHG-0.09%
Published-19 Jul, 2024 | 08:00
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System sort1_user.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Record Management System 1.0. Affected by this issue is some unknown functionality of the file sort1_user.php. The manipulation of the argument position leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271928.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7199
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.11%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 12:31
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Complaints Report Management System manage_user.php sql injection

A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-complaints_report_management_systemComplaints Report Management Systemcomplaints_report_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6900
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.65%
||
7 Day CHG-0.09%
Published-19 Jul, 2024 | 06:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System edit_emp.php sql injection

A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edit_emp.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271925 was assigned to this vulnerability.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5985
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.87%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 02:00
Updated-07 Mar, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Online News Portal index.php sql injection

A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268461 was assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_online_news_portalBest Online News Portalbest_online_news_portal
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5051
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.65%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 14:31
Updated-10 Feb, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Gas Agency Management System edituser.php sql injection

A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264748.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-gas_agency_management_systemGas Agency Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3617
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 21.46%
||
7 Day CHG~0.00%
Published-11 Apr, 2024 | 02:00
Updated-28 Jan, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System deactivate_case.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 21
  • 22
  • Next
Details not found