Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-40402

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-17 Jul, 2024 | 00:00
Updated At-02 Aug, 2024 | 04:33
Rejected At-
Credits

A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:17 Jul, 2024 | 00:00
Updated At:02 Aug, 2024 | 04:33
Rejected At:
▼CVE Numbering Authority (CNA)

A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/CveSecLook/cve/issues/49
N/A
Hyperlink: https://github.com/CveSecLook/cve/issues/49
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
SourceCodestersourcecodester
Product
simple_library_management_system
CPEs
  • cpe:2.3:a:sourcecodester:simple_library_management_system:1.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/CveSecLook/cve/issues/49
x_transferred
Hyperlink: https://github.com/CveSecLook/cve/issues/49
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:17 Jul, 2024 | 20:15
Updated At:23 Apr, 2025 | 14:19

A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CPE Matches
nikhil-bhalerao
nikhil-bhalerao
>>simple_library_management_system>>1.0
cpe:2.3:a:nikhil-bhalerao:simple_library_management_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-89
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/CveSecLook/cve/issues/49cve@mitre.org
Exploit
Third Party Advisory
https://github.com/CveSecLook/cve/issues/49af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/CveSecLook/cve/issues/49
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/CveSecLook/cve/issues/49
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1982Records found
CVE-2024-5378
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 21:31
Updated-10 Feb, 2025 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Intramurals Student Attendance Management System manage_sy.php sql injection

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_sy.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266290 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-school_intramurals_-_student_attendance_management_systemSchool Intramurals Student Attendance Management Systemschool_instramurals
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4925
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.24%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 01:31
Updated-10 Feb, 2025 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Intramurals Student Attendance Management System manage_course.php sql injection

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /intrams_sams/manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264461 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-school_intramurals_-_student_attendance_management_systemSchool Intramurals Student Attendance Management Systemschool_instramurals
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4931
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 04:31
Updated-09 Dec, 2024 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Bidding System sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264467.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_online_bidding_systemSimple Online Bidding Systemsimple_online_bidding_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3424
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.89%
||
7 Day CHG+0.03%
Published-07 Apr, 2024 | 15:31
Updated-17 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware listscore.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3418
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.75%
||
7 Day CHG+0.01%
Published-07 Apr, 2024 | 09:31
Updated-26 Feb, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware deactivateteach.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3416
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.39%
||
7 Day CHG+0.03%
Published-07 Apr, 2024 | 03:31
Updated-17 Jan, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware editt.php sql injection

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3442
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 10.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 14:31
Updated-10 Feb, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System delete_leave.php sql injection

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695.

Action-Not Available
Vendor-fast5SourceCodester
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3465
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.27%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 20:31
Updated-17 Jan, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Laundry Management System Transaki.php laporan_filter sql injection

A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-laundry_shop_management_systemLaundry Management Systemlaundry_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3422
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.97%
||
7 Day CHG+0.02%
Published-07 Apr, 2024 | 13:31
Updated-17 Jan, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware activatestud.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3425
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 13.14%
||
7 Day CHG+0.01%
Published-07 Apr, 2024 | 16:00
Updated-17 Jan, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware activateall.php sql injection

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3315
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.73%
||
7 Day CHG+0.03%
Published-04 Apr, 2024 | 21:00
Updated-17 Jan, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System user.php sql injection

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file classes/user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259386 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management Systemcomputer_laboratory_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3225
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.25%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 02:00
Updated-18 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester PHP Task Management System edit-task.php sql injection

A vulnerability was found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259070 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-php_task_management_systemPHP Task Management Systemphp_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3223
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.65%
||
7 Day CHG+0.02%
Published-03 Apr, 2024 | 01:00
Updated-01 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester PHP Task Management System admin-manage-user.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester PHP Task Management System 1.0. Affected is an unknown function of the file admin-manage-user.php. The manipulation of the argument admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259068.

Action-Not Available
Vendor-SourceCodester
Product-PHP Task Management Systemphp_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3224
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG+0.04%
Published-03 Apr, 2024 | 01:31
Updated-18 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester PHP Task Management System task-details.php sql injection

A vulnerability has been found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259069 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-php_task_management_systemPHP Task Management Systemphp_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3254
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.13% / 32.58%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 12:00
Updated-10 Feb, 2025 | 23:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Internship Portal Management System edit_admin.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Internship Portal Management System 1.0. This issue affects some unknown processing of the file admin/edit_admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259103.

Action-Not Available
Vendor-chatikoboSourceCodester
Product-internship_portal_management_systemInternship Portal Management Systeminternship_portal_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3253
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 29.12%
||
7 Day CHG+0.03%
Published-03 Apr, 2024 | 11:00
Updated-10 Feb, 2025 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Internship Portal Management System add_admin.php sql injection

A vulnerability classified as critical was found in SourceCodester Internship Portal Management System 1.0. This vulnerability affects unknown code of the file admin/add_admin.php. The manipulation of the argument name/username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259102 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-chatikoboSourceCodester
Product-internship_portal_management_systemInternship Portal Management Systeminternship_portal_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2999
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.73%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 21:00
Updated-05 Mar, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Art Gallery Management System adminHome.php sql injection

A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258201 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesterCampCodes
Product-online_art_gallery_management_systemOnline Art Gallery Management Systemonline_art_gallery_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2932
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.04%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 00:00
Updated-18 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Chatting System update_room.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012.

Action-Not Available
Vendor-donbermoySourceCodester
Product-online_chatting_systemOnline Chatting Systemonline_chatting_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2556
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.25%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 08:00
Updated-18 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System attendance-info.php sql injection

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-employee_task_management_systemEmployee Task Management Systememployee_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2554
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 04:31
Updated-22 Aug, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System update-employee.php sql injection

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodester
Product-Employee Task Management Systememployee_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2332
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.13%
||
7 Day CHG~0.00%
Published-09 Mar, 2024 | 14:00
Updated-18 Feb, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Mobile Management Store HTTP GET Request manage_category.php sql injection

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_mobile_store_management_systemOnline Mobile Management Storeonline_mobile_management_store
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2418
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 44.65%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 18:00
Updated-18 Feb, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best POS Management System view_order.php sql injection

A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view_order.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256705 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_pos_management_systemBest POS Management Systembest_pos_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2069
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 8.72%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 15:31
Updated-17 Dec, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester FAQ Management System delete-faq.php sql injection

A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Affected is an unknown function of the file /endpoint/delete-faq.php. The manipulation of the argument faq leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255384.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-faq_management_systemFAQ Management Systemfaq_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2067
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.45%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 15:00
Updated-17 Dec, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Inventory System delete-computer.php sql injection

A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255382 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-computer_inventory_systemComputer Inventory Systemcomputer_inventory_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2073
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 17:00
Updated-02 Jan, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Block Inserter for Dynamic Content view_post.php sql injection

A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-block_inserter_for_dynamic_contentBlock Inserter for Dynamic Contentblock_inserter_for_dynamic_content
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1923
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.92%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 16:00
Updated-06 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System List of Classes Page ajax-api.php delete_student sql injection

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_attendance_systemSimple Student Attendance Systemsimple_student_attendance_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1878
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 13.59%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 01:00
Updated-23 Dec, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Management System myprofile.php sql injection

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254726 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-razormistSourceCodester
Product-employee_management_systemEmployee Management Systememployee_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1877
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 8.16%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 01:00
Updated-23 Dec, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Management System cancel.php sql injection

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254725 was assigned to this vulnerability.

Action-Not Available
Vendor-razormistSourceCodester
Product-employee_management_systemEmployee Management Systememployee_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-11212
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 27.09%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 15:00
Updated-19 Nov, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Employee Management System fetch_product_details.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument barcode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_employee_management_systemBest Employee Management Systembest_employee_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10990
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.52%
||
7 Day CHG+0.01%
Published-08 Nov, 2024 | 04:31
Updated-18 Nov, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Veterinary Appointment System view_service.php sql injection

A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_veterinary_appointment_systemOnline Veterinary Appointment Systemonline_veterinary_appointment_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10349
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.10%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 22:00
Updated-30 Oct, 2024 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System ajax.php delete_tenant sql injection

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_house_rental_management_systemBest House Rental Management Systembest_house_rental_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10406
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.08%
||
7 Day CHG+0.02%
Published-26 Oct, 2024 | 22:00
Updated-29 Oct, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Petrol Pump Management Software edit_fuel.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_fuel.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-petrol_pump_managementPetrol Pump Management Softwarepetrol_pump_management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10411
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.08%
||
7 Day CHG+0.02%
Published-27 Oct, 2024 | 05:00
Updated-29 Oct, 2024 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Hotel Reservation System controller.php doCheckout sql injection

A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_hotel_reservation_systemOnline Hotel Reservation Systemonline_hotel_reservation_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10450
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.46%
||
7 Day CHG+0.02%
Published-28 Oct, 2024 | 15:00
Updated-22 Nov, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System POST Parameter edit_profile.php sql injection

A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management Systemkortex_lite_advocate_office_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10407
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.08%
||
7 Day CHG+0.02%
Published-26 Oct, 2024 | 23:31
Updated-29 Oct, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Petrol Pump Management Software edit_customer.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-petrol_pump_managementPetrol Pump Management Softwarepetrol_pump_management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7197
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.42%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 11:31
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Complaints Report Management System manage_complaint.php sql injection

A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-complaints_report_management_systemComplaints Report Management Systemcomplaints_report_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7641
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.32%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 14:31
Updated-15 Aug, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System deactivate_act.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file deactivate_act.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management Systemkortex_lite_advocate_office_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7306
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.31%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:00
Updated-12 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System manage_block.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Establishment Billing Management System 1.0. Affected is an unknown function of the file /manage_block.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273198 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7669
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-11 Aug, 2024 | 09:00
Updated-15 Aug, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Car Driving School Management System Master.php delete_enrollment sql injection

A vulnerability was found in SourceCodester Car Driving School Management System 1.0 and classified as critical. This issue affects the function delete_enrollment of the file Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-car_driving_school_management_systemCar Driving School Management Systemcar_driving_school_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7376
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.31%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 01:31
Updated-09 Aug, 2024 | 11:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Realtime Quiz System print_quiz_records.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Affected is an unknown function of the file /print_quiz_records.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273360.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_realtime_quiz_systemSimple Realtime Quiz Systemsimple_realtime_quiz_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7371
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.35%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 23:00
Updated-07 Aug, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Realtime Quiz System quiz_view.php sql injection

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quiz_view.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273355.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_realtime_quiz_systemSimple Realtime Quiz Systemsimple_realtime_quiz_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7166
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.42%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 18:00
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester School Fees Payment System receipt.php sql injection

A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-school_fees_payment_systemSchool Fees Payment Systemschool_fees_payment_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7751
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 4.92%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 23:00
Updated-19 Aug, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Clinics Patient Management System update_medicine.php sql injection

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /update_medicine.php. The manipulation of the argument hidden_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-clinic\'s_patient_management_systemClinics Patient Management Systemclinics_patient_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7638
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.32%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 13:31
Updated-15 Aug, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System delete_client.php sql injection

A vulnerability classified as critical has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file delete_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management Systemkortex_lite_advocate_office_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7748
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.62%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 21:31
Updated-22 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Accounts Manager App delete-account.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0. This issue affects some unknown processing of the file /endpoint/delete-account.php. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-accounts_manager_appAccounts Manager Appaccounts_manager_app
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7199
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.09%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 12:31
Updated-12 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Complaints Report Management System manage_user.php sql injection

A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-complaints_report_management_systemComplaints Report Management Systemcomplaints_report_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7664
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-11 Aug, 2024 | 06:31
Updated-15 Aug, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Car Driving School Management System view_details.php sql injection

A vulnerability classified as critical has been found in SourceCodester Car Driving School Management System 1.0. Affected is an unknown function of the file view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-car_driving_school_management_systemCar Driving School Management Systemcar_driving_school_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7287
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.42%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 04:31
Updated-12 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Establishment Billing Management System manage_user.php sql injection

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273156.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-establishment_billing_management_systemEstablishment Billing Management Systemestablishment_billing_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7668
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.71%
||
7 Day CHG~0.00%
Published-11 Aug, 2024 | 08:31
Updated-15 Aug, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Car Driving School Management System Master.php delete_package sql injection

A vulnerability has been found in SourceCodester Car Driving School Management System 1.0 and classified as critical. This vulnerability affects the function delete_package of the file Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-car_driving_school_management_systemCar Driving School Management Systemcar_driving_school_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7666
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.72%
||
7 Day CHG~0.00%
Published-11 Aug, 2024 | 07:31
Updated-15 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Car Driving School Management System view_package.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Car Driving School Management System 1.0. Affected by this issue is some unknown functionality of the file view_package.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-car_driving_school_management_systemCar Driving School Management Systemcar_driving_school_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 39
  • 40
  • Next
Details not found