Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-3059

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-02 Jun, 2023 | 13:00
Updated At-02 Aug, 2024 | 06:41
Rejected At-
Credits

SourceCodester Online Exam Form Submission update_s6.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:02 Jun, 2023 | 13:00
Updated At:02 Aug, 2024 | 06:41
Rejected At:
▼CVE Numbering Authority (CNA)
SourceCodester Online Exam Form Submission update_s6.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability.

Affected Products
Vendor
SourceCodesterSourceCodester
Product
Online Exam Form Submission
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 SQL Injection
Type: CWE
CWE ID: CWE-89
Description: CWE-89 SQL Injection
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
analyst
HaoL (VulDB User)
Timeline
EventDate
Advisory disclosed2023-06-02 00:00:00
CVE reserved2023-06-02 00:00:00
VulDB entry created2023-06-02 02:00:00
VulDB entry last update2023-06-29 11:01:40
Event: Advisory disclosed
Date: 2023-06-02 00:00:00
Event: CVE reserved
Date: 2023-06-02 00:00:00
Event: VulDB entry created
Date: 2023-06-02 02:00:00
Event: VulDB entry last update
Date: 2023-06-29 11:01:40
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.230565
vdb-entry
technical-description
https://vuldb.com/?ctiid.230565
signature
permissions-required
https://github.com/Aiiimer/requestCVE/blob/main/SQL.md
exploit
Hyperlink: https://vuldb.com/?id.230565
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.230565
Resource:
signature
permissions-required
Hyperlink: https://github.com/Aiiimer/requestCVE/blob/main/SQL.md
Resource:
exploit
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.230565
vdb-entry
technical-description
x_transferred
https://vuldb.com/?ctiid.230565
signature
permissions-required
x_transferred
https://github.com/Aiiimer/requestCVE/blob/main/SQL.md
exploit
x_transferred
Hyperlink: https://vuldb.com/?id.230565
Resource:
vdb-entry
technical-description
x_transferred
Hyperlink: https://vuldb.com/?ctiid.230565
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://github.com/Aiiimer/requestCVE/blob/main/SQL.md
Resource:
exploit
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:02 Jun, 2023 | 13:15
Updated At:17 May, 2024 | 02:27

A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
online_exam_form_submission_project
online_exam_form_submission_project
>>online_exam_form_submission>>1.0
cpe:2.3:a:online_exam_form_submission_project:online_exam_form_submission:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarycna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Aiiimer/requestCVE/blob/main/SQL.mdcna@vuldb.com
Exploit
https://vuldb.com/?ctiid.230565cna@vuldb.com
Third Party Advisory
https://vuldb.com/?id.230565cna@vuldb.com
Third Party Advisory
Hyperlink: https://github.com/Aiiimer/requestCVE/blob/main/SQL.md
Source: cna@vuldb.com
Resource:
Exploit
Hyperlink: https://vuldb.com/?ctiid.230565
Source: cna@vuldb.com
Resource:
Third Party Advisory
Hyperlink: https://vuldb.com/?id.230565
Source: cna@vuldb.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

7668Records found
CVE-2024-5515
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.83%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 13:00
Updated-10 Feb, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Stock Management System createBrand.php sql injection

A vulnerability was found in SourceCodester Stock Management System 1.0. It has been classified as critical. Affected is an unknown function of the file createBrand.php. The manipulation of the argument brandName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266586 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-warrendaloyanSourceCodester
Product-stock_management_systemStock Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5378
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 21:31
Updated-10 Feb, 2025 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Intramurals Student Attendance Management System manage_sy.php sql injection

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_sy.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266290 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-school_intramurals_-_student_attendance_management_systemSchool Intramurals Student Attendance Management Systemschool_instramurals
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5365
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.15%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 13:00
Updated-10 Feb, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System manage_payment.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file manage_payment.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266277 was assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_house_rental_management_systemBest House Rental Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5362
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 25.52%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 11:31
Updated-10 Feb, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Hospital Management System departmentDoctor.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266274 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-warrendaloyanSourceCodester
Product-online_hospital_management_systemOnline Hospital Management Systemonline_hospital_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5093
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 13.13%
||
7 Day CHG~0.00%
Published-18 May, 2024 | 18:31
Updated-10 Feb, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System login.php sql injection

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265072.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_house_rental_management_systemBest House Rental Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5117
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 25.36%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 04:31
Updated-10 Feb, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System portal.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file portal.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265197 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-event_registration_systemEvent Registration System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5120
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.50%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 06:00
Updated-10 Feb, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System sql injection

A vulnerability was found in SourceCodester Event Registration System 1.0. It has been classified as critical. Affected is an unknown function of the file /registrar/?page=registration. The manipulation of the argument e leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265200.

Action-Not Available
Vendor-event_registration_system_projectSourceCodesteroretnom23
Product-event_registration_systemEvent Registration Systemevent_registration_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5118
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 25.70%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 05:00
Updated-10 Feb, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System login.php sql injection

A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265198 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-event_registration_systemEvent Registration Systemevent_registration_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5046
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 25.70%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 13:00
Updated-10 Feb, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Examination System registeracc.php sql injection

A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264743.

Action-Not Available
Vendor-warrendaloyanSourceCodester
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4945
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.32%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 05:00
Updated-10 Feb, 2025 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Courier Management System view_parcel.php unrestricted upload

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264480.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_courier_management_systemBest Courier Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4925
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.24%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 01:31
Updated-10 Feb, 2025 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Intramurals Student Attendance Management System manage_course.php sql injection

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /intrams_sams/manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264461 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-school_intramurals_-_student_attendance_management_systemSchool Intramurals Student Attendance Management Systemschool_instramurals
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6899
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.35%
||
7 Day CHG-0.06%
Published-19 Jul, 2024 | 05:00
Updated-21 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System view_info.php sql injection

A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file view_info.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271924.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4967
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.20%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 08:31
Updated-10 Feb, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Interactive Map with Marker delete-mark.php sql injection

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264535.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-interactive_map_with_markerInteractive Map with Marker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4798
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.09%
||
7 Day CHG+0.01%
Published-12 May, 2024 | 13:31
Updated-11 Feb, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Computer and Laptop Store manage_brand.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263918 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_computer_and_laptop_storeOnline Computer and Laptop Store
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-0946
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 20:05
Updated-12 Mar, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best POS Management System sql injection

A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability.

Action-Not Available
Vendor-best_pos_management_system_projectSourceCodester
Product-best_pos_management_systemBest POS Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4933
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 05:00
Updated-09 Dec, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Bidding System sql injection

A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264469 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_online_bidding_systemSimple Online Bidding System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4558
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG~0.00%
Published-27 Aug, 2023 | 22:31
Updated-02 Aug, 2024 | 07:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Inventory Management System staff_data.php sql injection

A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staff_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238159.

Action-Not Available
Vendor-inventory_management_system_projectSourceCodester
Product-inventory_management_systemInventory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4931
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 04:31
Updated-09 Dec, 2024 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Bidding System sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264467.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_online_bidding_systemSimple Online Bidding Systemsimple_online_bidding_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3439
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.04% / 10.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 11:31
Updated-10 Feb, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System login.php sql injection

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259692.

Action-Not Available
Vendor-fast5SourceCodesteroretnom23
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3420
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.22%
||
7 Day CHG+0.01%
Published-07 Apr, 2024 | 11:00
Updated-17 Jan, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware saveedit.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3424
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.89%
||
7 Day CHG+0.03%
Published-07 Apr, 2024 | 15:31
Updated-17 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware listscore.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3418
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.75%
||
7 Day CHG+0.01%
Published-07 Apr, 2024 | 09:31
Updated-26 Feb, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware deactivateteach.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3416
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.39%
||
7 Day CHG+0.03%
Published-07 Apr, 2024 | 03:31
Updated-17 Jan, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware editt.php sql injection

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3445
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.82%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 15:31
Updated-17 Jan, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Laundry Management System laporan_filter sql injection

A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-laundry_management_system_projectoretnom23SourceCodester
Product-laundry_shop_management_systemLaundry Management Systemlaundry_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3438
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.04% / 10.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 11:00
Updated-10 Feb, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System login.php sql injection

A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259691.

Action-Not Available
Vendor-fast5SourceCodester
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3464
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.27%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 20:00
Updated-17 Jan, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Laundry Management System Pelanggan.php laporan_filter sql injection

A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-laundry_shop_management_systemLaundry Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3441
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 10.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 14:00
Updated-10 Feb, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System edit-profile.php sql injection

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-fast5SourceCodesteroretnom23
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4556
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.22%
||
7 Day CHG~0.00%
Published-27 Aug, 2023 | 06:31
Updated-02 Aug, 2024 | 07:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System sexit.php mysqli_query sql injection

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-tamparongj_03SourceCodester
Product-online_graduate_tracer_systemOnline Graduate Tracer System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3442
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 10.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 14:31
Updated-10 Feb, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System delete_leave.php sql injection

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695.

Action-Not Available
Vendor-fast5SourceCodester
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3465
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.27%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 20:31
Updated-17 Jan, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Laundry Management System Transaki.php laporan_filter sql injection

A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-laundry_shop_management_systemLaundry Management Systemlaundry_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3422
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.97%
||
7 Day CHG+0.02%
Published-07 Apr, 2024 | 13:31
Updated-17 Jan, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware activatestud.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3423
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.27%
||
7 Day CHG+0.01%
Published-07 Apr, 2024 | 14:31
Updated-31 Jan, 2025 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware activateteach.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3425
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 13.14%
||
7 Day CHG+0.01%
Published-07 Apr, 2024 | 16:00
Updated-17 Jan, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware activateall.php sql injection

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3359
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.14% / 33.98%
||
7 Day CHG+0.04%
Published-06 Apr, 2024 | 04:00
Updated-10 Feb, 2025 | 23:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Library System login.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Library System 1.0. This issue affects some unknown processing of the file admin/login.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259463.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_library_systemOnline Library Systemonline_library_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3316
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG+0.03%
Published-04 Apr, 2024 | 21:31
Updated-17 Jan, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System view_category.php sql injection

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259387.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management Systemcomputer_laboratory_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3257
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.93%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 13:00
Updated-10 Feb, 2025 | 23:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Internship Portal Management System edit_activity_query.php sql injection

A vulnerability was found in SourceCodester Internship Portal Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/edit_activity_query.php. The manipulation of the argument title/description/start/end leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259106 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-chatikoboSourceCodester
Product-internship_portal_management_systemInternship Portal Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3348
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG+0.01%
Published-05 Apr, 2024 | 16:31
Updated-11 Feb, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection

A vulnerability classified as critical has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected is an unknown function of the file booking/index.php. The manipulation of the argument log_email/log_pword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259452.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-aplaya_beach_resort_online_reservation_systemAplaya Beach Resort Online Reservation Systemaplaya_beach_resort_online_reservation_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3315
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.73%
||
7 Day CHG+0.03%
Published-04 Apr, 2024 | 21:00
Updated-17 Jan, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System user.php sql injection

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file classes/user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259386 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management Systemcomputer_laboratory_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3255
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 13.95%
||
7 Day CHG+0.01%
Published-03 Apr, 2024 | 12:00
Updated-10 Feb, 2025 | 23:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Internship Portal Management System edit_admin_query.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Affected is an unknown function of the file admin/edit_admin_query.php. The manipulation of the argument username/password/name/admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259104.

Action-Not Available
Vendor-chatikobointernship_portal_management_system_projectSourceCodester
Product-internship_portal_management_systemInternship Portal Management Systeminternship_portal_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3350
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG+0.01%
Published-05 Apr, 2024 | 17:31
Updated-11 Feb, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file admin/mod_room/index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259454 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-aplaya_beach_resort_online_reservation_systemAplaya Beach Resort Online Reservation Systemaplaya_beach_resort_online_reservation_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3258
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.93%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 13:00
Updated-10 Feb, 2025 | 23:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Internship Portal Management System add_activity.php sql injection

A vulnerability was found in SourceCodester Internship Portal Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/add_activity.php. The manipulation of the argument title/description/start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259107.

Action-Not Available
Vendor-chatikobointernship_portal_management_system_projectSourceCodester
Product-internship_portal_management_systemInternship Portal Management Systeminternship_portal_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3352
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG+0.01%
Published-05 Apr, 2024 | 19:00
Updated-11 Feb, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection

A vulnerability has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/mod_comments/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259456.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-aplaya_beach_resort_online_reservation_systemAplaya Beach Resort Online Reservation Systemaplaya_beach_resort_online_reservation_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3355
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG+0.01%
Published-05 Apr, 2024 | 20:31
Updated-11 Feb, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Aplaya Beach Resort Online Reservation System sql injection

A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/mod_users/controller.php?action=add. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259459.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-aplaya_beach_resort_online_reservation_systemAplaya Beach Resort Online Reservation Systemaplaya_beach_resort_online_reservation_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3256
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.93%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 12:31
Updated-27 Feb, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Internship Portal Management System edit_activity.php sql injection

A vulnerability has been found in SourceCodester Internship Portal Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit_activity.php. The manipulation of the argument activity_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259105 was assigned to this vulnerability.

Action-Not Available
Vendor-chatikoboSourceCodester
Product-internship_portal_management_systemInternship Portal Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3259
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.10%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 13:31
Updated-10 Feb, 2025 | 23:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Internship Portal Management System delete_activity.php sql injection

A vulnerability was found in SourceCodester Internship Portal Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/delete_activity.php. The manipulation of the argument activity_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259108.

Action-Not Available
Vendor-chatikobointernship_portal_management_system_projectSourceCodester
Product-internship_portal_management_systemInternship Portal Management Systeminternship_portal_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3354
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG+0.01%
Published-05 Apr, 2024 | 20:00
Updated-11 Feb, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection

A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/mod_users/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259458 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-aplaya_beach_resort_online_reservation_systemAplaya Beach Resort Online Reservation Systemaplaya_beach_resort_online_reservation_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3314
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 36.49%
||
7 Day CHG+0.04%
Published-04 Apr, 2024 | 21:00
Updated-22 Jan, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System Users.php sql injection

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php. The manipulation leads to sql injection. The attack may be initiated remotely. The identifier VDB-259385 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3360
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.14% / 33.98%
||
7 Day CHG+0.04%
Published-06 Apr, 2024 | 04:31
Updated-10 Feb, 2025 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Library System index.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Library System 1.0. Affected is an unknown function of the file admin/books/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259464.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_library_systemOnline Library Systemonline_library_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3222
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 28.54%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 00:00
Updated-01 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester PHP Task Management System admin-password-change.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester PHP Task Management System 1.0. This issue affects some unknown processing of the file admin-password-change.php. The manipulation of the argument admin_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259067.

Action-Not Available
Vendor-SourceCodester
Product-PHP Task Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3225
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.25%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 02:00
Updated-18 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester PHP Task Management System edit-task.php sql injection

A vulnerability was found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259070 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-php_task_management_systemPHP Task Management Systemphp_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 153
  • 154
  • Next
Details not found