Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36673

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Jun, 2024 | 12:56
Updated At-13 Feb, 2025 | 15:59
Rejected At-
Credits

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Jun, 2024 | 12:56
Updated At:13 Feb, 2025 | 15:59
Rejected At:
▼CVE Numbering Authority (CNA)

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/CveSecLook/cve/issues/39
N/A
Hyperlink: https://github.com/CveSecLook/cve/issues/39
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/CveSecLook/cve/issues/39
x_transferred
Hyperlink: https://github.com/CveSecLook/cve/issues/39
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
SourceCodestersourcecodester
Product
pharmacymedical_store_point_of_sale_system
CPEs
  • cpe:2.3:a:sourcecodester:pharmacymedical_store_point_of_sale_system:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Jun, 2024 | 13:15
Updated At:16 Aug, 2024 | 18:35

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
pharmacy\/medical_store_point_of_sale_system_project
pharmacy\/medical_store_point_of_sale_system_project
>>pharmacy\/medical_store_point_of_sale_system>>1.0
cpe:2.3:a:pharmacy\/medical_store_point_of_sale_system_project:pharmacy\/medical_store_point_of_sale_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE-89Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-89
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/CveSecLook/cve/issues/39cve@mitre.org
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/CveSecLook/cve/issues/39
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

5114Records found
CVE-2024-40472
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.40%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 00:00
Updated-15 Aug, 2024 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php."

Action-Not Available
Vendor-n/aremyandradeSourceCodester
Product-daily_calories_monitoring_tooln/adaily_calories_monitoring_tool
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9974
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.48%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 09:31
Updated-15 Oct, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop POST Request Master.php sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2556
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 08:00
Updated-18 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System attendance-info.php sql injection

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-employee_task_management_systemEmployee Task Management Systememployee_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8346
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.64%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 20:31
Updated-04 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System SystemSettings.php update_settings_info sql injection

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management Systemcomputer_laboratory_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7376
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.34%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 01:31
Updated-09 Aug, 2024 | 11:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Realtime Quiz System print_quiz_records.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Affected is an unknown function of the file /print_quiz_records.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273360.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_realtime_quiz_systemSimple Realtime Quiz Systemsimple_realtime_quiz_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7640
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.31%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 14:00
Updated-15 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System delete_register.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file delete_register.php. The manipulation of the argument case_register_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management Systemkortex_lite_advocate_office_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7494
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.41%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:00
Updated-19 Aug, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Clinics Patient Management System new_prescription.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is some unknown functionality of the file /new_prescription.php. The manipulation of the argument patient leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273620.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-clinic\'s_patient_management_systemClinics Patient Management Systemclinics_patient_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7223
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.41%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 07:31
Updated-23 Aug, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Lot Reservation Management System view_model.php sql injection

A vulnerability has been found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_model.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272803.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-lot_reservation_management_systemLot Reservation Management Systemlot_reservation_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7798
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.08%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 23:00
Updated-03 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Bidding System ajax.php sql injection

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_online_bidding_systemSimple Online Bidding Systemsimple_online_bidding_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7643
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.01%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 15:00
Updated-15 Aug, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Leads Manager Tool Delete Leads delete-leads.php sql injection

A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-leads_manager_toolLeads Manager Toolleads_manager_tool
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7378
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.41%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 02:31
Updated-09 Aug, 2024 | 11:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Realtime Quiz System manage_question.php sql injection

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_realtime_quiz_systemSimple Realtime Quiz Systemsimple_realtime_quiz_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7224
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.09%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 08:00
Updated-23 Aug, 2024 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Lot Reservation Management System lot_details.php sql injection

A vulnerability was found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /lot_details.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272804.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-lot_reservation_management_systemLot Reservation Management Systemlot_reservation_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7639
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.31%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 14:00
Updated-15 Aug, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System delete_act.php sql injection

A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This vulnerability affects unknown code of the file delete_act.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management Systemkortex_lite_advocate_office_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7641
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.31%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 14:31
Updated-15 Aug, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System deactivate_act.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file deactivate_act.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management Systemkortex_lite_advocate_office_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7286
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.13% / 32.98%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 04:00
Updated-12 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System Login sql injection

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273155.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8080
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 21:00
Updated-17 Oct, 2024 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Health Care System search.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument f_name with the input 1%' or 1=1 ) UNION SELECT 1,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# as part of string leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-online_health_care_system_projectSourceCodester
Product-online_health_care_systemOnline Health Care Systemonline_health_care_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7638
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.31%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 13:31
Updated-15 Aug, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System delete_client.php sql injection

A vulnerability classified as critical has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file delete_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management Systemkortex_lite_advocate_office_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6802
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.40%
||
7 Day CHG+0.11%
Published-17 Jul, 2024 | 02:00
Updated-26 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System Master.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management Systemcomputer_laboratory_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5976
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 9.86%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:00
Updated-16 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee and Visitor Gate Pass Logging System log_employee sql injection

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268422 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_and_visitor_gate_pass_logging_systemEmployee and Visitor Gate Pass Logging Systememployee_visitor_gatepass_logging_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5378
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 21:31
Updated-10 Feb, 2025 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Intramurals Student Attendance Management System manage_sy.php sql injection

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_sy.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266290 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-school_intramurals_-_student_attendance_management_systemSchool Intramurals Student Attendance Management Systemschool_instramurals
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52675
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.36%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 00:00
Updated-24 Apr, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php.

Action-Not Available
Vendor-n/aSourceCodesteroretnom23
Product-sentiment_based_movie_rating_systemn/asentiment_based_movie_rating_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5118
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 25.69%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 05:00
Updated-10 Feb, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System login.php sql injection

A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265198 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-event_registration_systemEvent Registration Systemevent_registration_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-50766
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 42.63%
||
7 Day CHG+0.02%
Published-07 Nov, 2024 | 00:00
Updated-22 Apr, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter.

Action-Not Available
Vendor-n/aSourceCodesteroretnom23
Product-survey_application_systemn/asurvey_application_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5122
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 07:00
Updated-10 Feb, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System sql injection

A vulnerability was found in SourceCodester Event Registration System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registrar/. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265202 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-event_registration_systemEvent Registration Systemevent_registration_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5119
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 05:31
Updated-10 Feb, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System sql injection

A vulnerability was found in SourceCodester Event Registration System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=load_registration. The manipulation of the argument last_id/event_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265199.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-event_registration_systemEvent Registration Systemevent_registration_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8347
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 48.05%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 21:31
Updated-04 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System Master.php delete_record sql injection

A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management Systemcomputer_laboratory_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7375
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.34%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 01:00
Updated-09 Aug, 2024 | 11:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Realtime Quiz System my_quiz_result.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Realtime Quiz System 1.0. This issue affects some unknown processing of the file /my_quiz_result.php. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273359.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_realtime_quiz_systemSimple Realtime Quiz Systemsimple_realtime_quiz_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44812
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.28% / 94.35%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 00:00
Updated-25 Oct, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.

Action-Not Available
Vendor-n/ajanobeSourceCodester
Product-online_complaint_siten/aonline_complaint_site
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7281
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.41%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 01:31
Updated-08 Aug, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Lot Reservation Management System sql injection

A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /admin/index.php?page=manage_lot. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273150 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-lot_reservation_management_systemLot Reservation Management Systemlot_reservation_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7642
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.31%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 15:00
Updated-15 Aug, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System activate_act.php sql injection

A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file activate_act.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management Systemkortex_lite_advocate_office_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3349
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG+0.01%
Published-05 Apr, 2024 | 17:00
Updated-11 Feb, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Aplaya Beach Resort Online Reservation System login.php sql injection

A vulnerability classified as critical was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259453 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-aplaya_beach_resort_online_reservation_systemAplaya Beach Resort Online Reservation Systemaplaya_beach_resort_online_reservation_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3356
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG+0.01%
Published-05 Apr, 2024 | 21:00
Updated-11 Feb, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Aplaya Beach Resort Online Reservation System sql injection

A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/mod_settings/controller.php?action=add. The manipulation of the argument type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259460.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-aplaya_beach_resort_online_reservation_systemAplaya Beach Resort Online Reservation Systemaplaya_beach_resort_online_reservation_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3252
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.72%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 10:00
Updated-10 Feb, 2025 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Internship Portal Management System check_admin.php sql injection

A vulnerability classified as critical has been found in SourceCodester Internship Portal Management System 1.0. This affects an unknown part of the file admin/check_admin.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259101 was assigned to this vulnerability.

Action-Not Available
Vendor-chatikoboSourceCodester
Product-internship_portal_management_systemInternship Portal Management Systeminternship_portal_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3948
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 41.06%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 11:00
Updated-10 Feb, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Home Clean Service System Photo student.add.php unrestricted upload

A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440.

Action-Not Available
Vendor-library_system_projectSourceCodester
Product-library_systemHome Clean Service Systemhome_cleaning_service_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-36568
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.16%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 13:25
Updated-11 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.

Action-Not Available
Vendor-n/aSourceCodestermayuri_k
Product-gas_agency_management_systemn/agas_agency_management_system
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-3376
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.26%
||
7 Day CHG+0.05%
Published-06 Apr, 2024 | 11:31
Updated-26 Feb, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System config.php redirect

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management Systemcomputer_laboratory_management_system
CWE ID-CWE-698
Execution After Redirect (EAR)
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2024-30849
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.47% / 89.82%
||
7 Day CHG+1.37%
Published-05 Apr, 2024 | 00:00
Updated-05 May, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php.

Action-Not Available
Vendor-donbermoyn/aSourceCodester
Product-complete_e-commerce_siten/acomplete_ecommerce_site
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-2849
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.00%
||
7 Day CHG~0.00%
Published-23 Mar, 2024 | 17:31
Updated-18 Feb, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple File Manager unrestricted upload

A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-ganeshrktSourceCodester
Product-simple_file_manager_web_appSimple File Managersimple_file_manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-27747
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-19.13% / 95.12%
||
7 Day CHG-5.49%
Published-01 Mar, 2024 | 00:00
Updated-28 Mar, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.

Action-Not Available
Vendor-n/amayuri_kSourceCodester
Product-petrol_pump_managementn/apetrol_pump_management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2571
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.15% / 36.18%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 00:31
Updated-20 Feb, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System manage-admin.php redirect

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage-admin.php. The manipulation leads to execution after redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257074 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_task_management_systemEmployee Task Management Systememployee_task_management_system
CWE ID-CWE-698
Execution After Redirect (EAR)
CVE-2024-2575
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.04% / 10.26%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 02:00
Updated-20 Feb, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System task-details.php authorization

A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257078 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_task_management_systemEmployee Task Management Systememployee_task_management_system
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-2570
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.15% / 36.18%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 00:00
Updated-20 Feb, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System edit-task.php redirect

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit-task.php. The manipulation leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257073 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_task_management_systemEmployee Task Management Systememployee_task_management_system
CWE ID-CWE-698
Execution After Redirect (EAR)
CVE-2024-2577
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 02:31
Updated-20 Feb, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System update-employee.php authorization

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_task_management_systemEmployee Task Management Systememployee_task_management_system
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-10371
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.33%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 01:31
Updated-30 Oct, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Payroll Management System main login buffer overflow

A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-razormistSourceCodester
Product-payroll_management_systemPayroll Management Systempayroll_management_system
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-11054
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.23%
||
7 Day CHG+0.01%
Published-10 Nov, 2024 | 09:31
Updated-14 Nov, 2024 | 02:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload

A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_music_cloud_community_systemSimple Music Cloud Community Systemsimple_music_cloud_community_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-4191
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-06 Aug, 2023 | 23:00
Updated-09 Oct, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Resort Reservation System index.php file inclusion

A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-resort_reservation_system_projectSourceCodester
Product-resort_reservation_systemResort Reservation Systemresort_reservation_system
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-29708
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.33%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 00:00
Updated-21 Apr, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services.

Action-Not Available
Vendor-n/aSourceCodester
Product-company_website_cmsn/a
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-29709
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.33%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 00:00
Updated-21 Apr, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio.

Action-Not Available
Vendor-n/aSourceCodester
Product-company_website_cmsn/a
CWE ID-CWE-73
External Control of File Name or Path
CVE-2024-4927
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.14% / 34.87%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 02:31
Updated-09 Dec, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Bidding System unrestricted upload

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264463.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_online_bidding_systemSimple Online Bidding Systemsimple_online_bidding_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-46377
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-46.13% / 97.56%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-16 Apr, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.

Action-Not Available
Vendor-n/aSourceCodestermayuri_k
Product-best_house_rental_management_systemn/abest_house_rental_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 102
  • 103
  • Next
Details not found