Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-10760

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-04 Nov, 2024 | 04:31
Updated At-04 Nov, 2024 | 17:42
Rejected At-
Credits

code-projects University Event Management System dodelete.php sql injection

A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:04 Nov, 2024 | 04:31
Updated At:04 Nov, 2024 | 17:42
Rejected At:
▼CVE Numbering Authority (CNA)
code-projects University Event Management System dodelete.php sql injection

A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
Source Code & Projectscode-projects
Product
University Event Management System
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89SQL Injection
Type: CWE
CWE ID: CWE-89
Description: SQL Injection
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Murphy (VulDB User)
analyst
Murphy (VulDB User)
Timeline
EventDate
Advisory disclosed2024-11-03 00:00:00
Exploit disclosed2024-11-03 00:00:00
VulDB entry created2024-11-03 01:00:00
VulDB entry last update2024-11-03 18:31:11
Event: Advisory disclosed
Date: 2024-11-03 00:00:00
Event: Exploit disclosed
Date: 2024-11-03 00:00:00
Event: VulDB entry created
Date: 2024-11-03 01:00:00
Event: VulDB entry last update
Date: 2024-11-03 18:31:11
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.282929
vdb-entry
technical-description
https://vuldb.com/?ctiid.282929
signature
permissions-required
https://vuldb.com/?submit.436442
third-party-advisory
https://github.com/MurphyEutopia/cve/blob/main/sql15.md
exploit
https://code-projects.org/
product
Hyperlink: https://vuldb.com/?id.282929
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.282929
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.436442
Resource:
third-party-advisory
Hyperlink: https://github.com/MurphyEutopia/cve/blob/main/sql15.md
Resource:
exploit
Hyperlink: https://code-projects.org/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Source Code & Projectscode-projects
Product
university_event_management_system
CPEs
  • cpe:2.3:a:code-projects:university_event_management_system:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:04 Nov, 2024 | 05:15
Updated At:05 Nov, 2024 | 19:45

A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
anisha
anisha
>>university_event_management_system>>1.0
cpe:2.3:a:anisha:university_event_management_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarycna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://code-projects.org/cna@vuldb.com
Product
https://github.com/MurphyEutopia/cve/blob/main/sql15.mdcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.282929cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.282929cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.436442cna@vuldb.com
Third Party Advisory
VDB Entry
Hyperlink: https://code-projects.org/
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://github.com/MurphyEutopia/cve/blob/main/sql15.md
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.282929
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.282929
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.436442
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

5043Records found
CVE-2024-12948
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.24%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:00
Updated-03 Apr, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Travel Management System detail.php sql injection

A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-travel_management_systemTravel Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12936
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.28%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 05:00
Updated-17 Apr, 2025 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Admin Panel catDeleteController.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-simple_admin_panelSimple Admin Panel
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12949
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.24%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 11:31
Updated-03 Apr, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Travel Management System package.php sql injection

A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the argument subcatid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-travel_management_systemTravel Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12978
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.13% / 31.28%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 04:00
Updated-18 Feb, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment _all_edits.php add_req sql injection

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. This vulnerability affects the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_recruitmentJob Recruitment
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-13008
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-29 Dec, 2024 | 09:31
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Responsive Hotel Site newsletter.php sql injection

A vulnerability has been found in code-projects Responsive Hotel Site 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/newsletter.php. The manipulation of the argument eid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-responsive_hotel_siteResponsive Hotel Site
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-13036
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.54%
||
7 Day CHG~0.00%
Published-30 Dec, 2024 | 03:00
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Chat System update_room.php sql injection

A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/update_room.php. The manipulation of the argument id/name/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-chat_systemChat System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12931
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.28%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 02:31
Updated-03 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Admin Panel addCatController.php sql injection

A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been classified as critical. Affected is an unknown function of the file /addCatController.php. The manipulation of the argument size leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-simple_admin_panelSimple Admin Panel
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12950
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.65%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 12:00
Updated-18 May, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects/projectworlds Travel Management System subcat.php sql injection

A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsProjectworlds
Product-travel_management_systemTravel Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12939
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.31%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 06:31
Updated-18 Feb, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment _all_edits.php add_edu sql injection

A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function add_edu of the file /_parse/_all_edits.php. The manipulation of the argument degree leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_recruitmentJob Recruitment
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-13035
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.24%
||
7 Day CHG~0.00%
Published-30 Dec, 2024 | 02:31
Updated-06 Jan, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Chat System update_user.php sql injection

A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/update_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-chat_systemChat System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-4021
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.34%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 13:00
Updated-14 May, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Patient Record Management System edit_spatient.php sql injection

A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit_spatient.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-patient_record_management_systemPatient Record Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-13020
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.24%
||
7 Day CHG~0.00%
Published-29 Dec, 2024 | 19:00
Updated-03 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Chat System chatroom.php sql injection

A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-chat_systemChat System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-13092
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 08:31
Updated-03 Apr, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment Job Post search_ajax.php sql injection

A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. This vulnerability affects unknown code of the file /_parse/_call_job/search_ajax.php of the component Job Post Handler. The manipulation of the argument n leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-job_recruitmentJob Recruitment
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12934
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.28%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 04:00
Updated-03 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Admin Panel updateItemController.php sql injection

A vulnerability classified as critical has been found in code-projects Simple Admin Panel 1.0. This affects an unknown part of the file updateItemController.php. The manipulation of the argument p_desk leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-simple_admin_panelSimple Admin Panel
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12929
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.28%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 00:00
Updated-03 Apr, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Student Management System addCatController.php sql injection

A vulnerability has been found in code-projects Student Management System 1.0.00 and classified as critical. This vulnerability affects unknown code of the file /addCatController.php. The manipulation of the argument size leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-student_management_systemStudent Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12890
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.46%
||
7 Day CHG~0.00%
Published-22 Dec, 2024 | 06:00
Updated-03 Apr, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Exam Mastering System update.php sql injection

A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-online_exam_mastering_systemOnline Exam Mastering System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-13093
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 09:00
Updated-03 Apr, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment Seeker Profile _call_main_search_ajax.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /_parse/_call_main_search_ajax.php of the component Seeker Profile Handler. The manipulation of the argument s1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-job_recruitmentJob Recruitment
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12935
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.28%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 04:31
Updated-17 Apr, 2025 | 02:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Admin Panel editItemForm.php sql injection

A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-simple_admin_panelSimple Admin Panel
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12938
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.31%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 06:00
Updated-26 Dec, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Admin Panel updateOrderStatus.php sql injection

A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Simple Admin Panel
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-11998
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 24.46%
||
7 Day CHG~0.00%
Published-30 Nov, 2024 | 09:31
Updated-04 Dec, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Farmacia visualizer-forneccedor.chp sql injection

A vulnerability was found in code-projects Farmacia 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /visualizer-forneccedor.chp. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-farmacia_projectSource Code & Projects
Product-farmaciaFarmaciafarmacia
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-12487
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.80%
||
7 Day CHG+0.07%
Published-11 Dec, 2024 | 21:00
Updated-12 Dec, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Class and Exam Scheduling System room_update.php sql injection

A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-online_class_and_exam_scheduling_systemOnline Class and Exam Scheduling System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-12490
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.21%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:31
Updated-07 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Class and Exam Scheduling System teacher_save.php sql injection

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /pages/teacher_save.php. The manipulation of the argument salut leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-Source Code & Projects
Product-online_class_and_exam_scheduling_systemOnline Class and Exam Scheduling System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12486
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.80%
||
7 Day CHG+0.07%
Published-11 Dec, 2024 | 20:31
Updated-12 Dec, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Class and Exam Scheduling System rank_update.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-online_class_and_exam_scheduling_systemOnline Class and Exam Scheduling System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-12489
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.80%
||
7 Day CHG+0.07%
Published-11 Dec, 2024 | 22:00
Updated-12 Dec, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Class and Exam Scheduling System term.php sql injection

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-online_class_and_exam_scheduling_systemOnline Class and Exam Scheduling System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-12485
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.80%
||
7 Day CHG+0.07%
Published-11 Dec, 2024 | 20:31
Updated-12 Dec, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Class and Exam Scheduling System department.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-online_class_and_exam_scheduling_systemOnline Class and Exam Scheduling System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-12360
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.40%
||
7 Day CHG+0.05%
Published-09 Dec, 2024 | 05:00
Updated-10 Dec, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Class and Exam Scheduling System class_update.php sql injection

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-online_class_and_exam_scheduling_system_projectSource Code & Projects
Product-online_class_and_exam_scheduling_systemOnline Class and Exam Scheduling Systemonline_class_and_exam_scheduling_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-3968
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 43.92%
||
7 Day CHG~0.00%
Published-27 Apr, 2025 | 11:00
Updated-30 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
codeprojects News Publishing Site Dashboard api.php sql injection

A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /api.php. The manipulation of the argument cat_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-codeprojectsSource Code & Projects
Product-news_publishing_site_dashboardNews Publishing Site Dashboard
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-11968
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 14.05%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 18:00
Updated-03 Dec, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Farmacia pagamento.php sql injection

A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-farmaciaFarmaciafarmacia
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-11244
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.59%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:31
Updated-20 Nov, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Farmacia editar-cliente.php sql injection

A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-farmaciaFarmaciafarmacia
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-11241
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.17% / 37.44%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 14:31
Updated-20 Nov, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment reset.php sql injection

A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_recruitmentJob Recruitmentjob_recruitment
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10989
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 24.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 04:00
Updated-13 Nov, 2024 | 00:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects E-Health Care System detail.php sql injection

A vulnerability classified as critical has been found in code-projects E-Health Care System 1.0. This affects an unknown part of the file /Admin/detail.php. The manipulation of the argument s_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory confuses the vulnerability class of this issue.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-e-health_care_systemE-Health Care Systeme-health_care_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10409
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.16%
||
7 Day CHG~0.00%
Published-27 Oct, 2024 | 02:31
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank Management accept.php sql injection

A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-blood_bank_management_systemBlood Bank Managementblood_bank_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10417
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.16%
||
7 Day CHG~0.00%
Published-27 Oct, 2024 | 13:00
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank Management System delete.php sql injection

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /file/delete.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-blood_bank_management_systemBlood Bank Management Systemblood_bank_management_systems
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-3685
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.43%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 11:00
Updated-28 May, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Patient Record Management System edit_fpatient.php sql injection

A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_fpatient.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-patient_record_management_systemPatient Record Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10740
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-03 Nov, 2024 | 19:31
Updated-05 Nov, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects E-Health Care System consulting_detail.php sql injection

A vulnerability, which was classified as critical, was found in code-projects E-Health Care System up to 1.0. This affects an unknown part of the file /Admin/consulting_detail.php. The manipulation of the argument consulting_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-e-health_care_systemE-Health Care Systeme-health_care_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10808
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.07%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 01:00
Updated-06 Nov, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects E-Health Care System req_detail.php sql injection

A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/req_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-e-health_care_systemE-Health Care Systeme-health_care_system
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10137
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.49%
||
7 Day CHG~0.00%
Published-19 Oct, 2024 | 12:31
Updated-22 Oct, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Pharmacy Management System manage_medicine.php sql injection

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-pharmacy_management_systemPharmacy Management Systempharmacy_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10138
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.49%
||
7 Day CHG~0.00%
Published-19 Oct, 2024 | 13:00
Updated-22 Oct, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Pharmacy Management System add_new_purchase.php sql injection

A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-pharmacy_management_systemPharmacy Management Systempharmacy_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10809
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.07%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 01:31
Updated-06 Nov, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects E-Health Care System chat.php sql injection

A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that the parameter "message" is affected as well.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-e-health_care_systemE-Health Care Systeme-health_care_system
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10415
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 19.80%
||
7 Day CHG~0.00%
Published-27 Oct, 2024 | 11:31
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank Management System accept.php sql injection

A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian Rosoretnom23Source Code & Projects
Product-blood_bank_management_systemBlood Bank Management Systemblood_bank_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10021
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.80%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 12:00
Updated-21 Oct, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Pharmacy Management System manage_purchase.php sql injection

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-pharmacy_management_systemPharmacy Management Systempharmacy_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-11127
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.94%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 15:00
Updated-15 Nov, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment admin.php sql injection

A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_recruitmentJob Recruitmentjob_recruitment
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10700
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.49%
||
7 Day CHG~0.00%
Published-02 Nov, 2024 | 16:00
Updated-05 Nov, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects University Event Management System submit.php sql injection

A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that a variety of other parameters is affected too.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-university_event_management_systemUniversity Event Management Systemuniversity_event_management_system
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10023
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.45%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:00
Updated-21 Oct, 2024 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Pharmacy Management System add_new_medicine.php sql injection

A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-pharmacy_management_systemPharmacy Management Systempharmacy_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10140
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-23.49% / 96.00%
||
7 Day CHG~0.00%
Published-19 Oct, 2024 | 14:31
Updated-22 Oct, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Pharmacy Management System manage_supplier.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-pharmacy_management_systemPharmacy Management Systempharmacy_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10196
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.31%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 00:00
Updated-23 Oct, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Pharmacy Management System add_new_invoice.php sql injection

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-pharmacy_management_systemPharmacy Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10170
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 04:00
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Hospital Management System get_doctor.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-hospital_management_systemHospital Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10810
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.75%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 02:00
Updated-06 Nov, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects E-Health Care System app_request.php sql injection

A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-e-health_care_systemE-Health Care Systeme-health_care_system
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-0473
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.94%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 21:31
Updated-03 Jun, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Dormitory Management System comment.php sql injection

A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Source Code & Projects
Product-dormitory_management_systemDormitory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0489
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.94%
||
7 Day CHG~0.00%
Published-13 Jan, 2024 | 13:31
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Fighting Cock Information System edit_chicken.php sql injection

A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Source Code & Projects
Product-fighting_cock_information_systemFighting Cock Information System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 100
  • 101
  • Next
Details not found