Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-7751

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-13 Aug, 2024 | 23:00
Updated At-15 Aug, 2024 | 14:16
Rejected At-
Credits

SourceCodester Clinics Patient Management System update_medicine.php sql injection

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /update_medicine.php. The manipulation of the argument hidden_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:13 Aug, 2024 | 23:00
Updated At:15 Aug, 2024 | 14:16
Rejected At:
▼CVE Numbering Authority (CNA)
SourceCodester Clinics Patient Management System update_medicine.php sql injection

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /update_medicine.php. The manipulation of the argument hidden_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
SourceCodesterSourceCodester
Product
Clinics Patient Management System
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 SQL Injection
Type: CWE
CWE ID: CWE-89
Description: CWE-89 SQL Injection
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Wsstiger (VulDB User)
Timeline
EventDate
Advisory disclosed2024-08-13 00:00:00
VulDB entry created2024-08-13 02:00:00
VulDB entry last update2024-08-13 18:17:50
Event: Advisory disclosed
Date: 2024-08-13 00:00:00
Event: VulDB entry created
Date: 2024-08-13 02:00:00
Event: VulDB entry last update
Date: 2024-08-13 18:17:50
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.274370
vdb-entry
technical-description
https://vuldb.com/?ctiid.274370
signature
permissions-required
https://vuldb.com/?submit.389295
third-party-advisory
https://github.com/Wsstiger/cve/blob/main/Clinic's_sql2.md
exploit
Hyperlink: https://vuldb.com/?id.274370
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.274370
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.389295
Resource:
third-party-advisory
Hyperlink: https://github.com/Wsstiger/cve/blob/main/Clinic's_sql2.md
Resource:
exploit
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
SourceCodestersourcecodester
Product
clinics_patient_management_system
CPEs
  • cpe:2.3:a:sourcecodester:clinics_patient_management_system:1.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:13 Aug, 2024 | 23:15
Updated At:19 Aug, 2024 | 17:47

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /update_medicine.php. The manipulation of the argument hidden_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
oretnom23
oretnom23
>>clinic\'s_patient_management_system>>1.0
cpe:2.3:a:oretnom23:clinic\'s_patient_management_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarycna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Wsstiger/cve/blob/main/Clinic's_sql2.mdcna@vuldb.com
Exploit
https://vuldb.com/?ctiid.274370cna@vuldb.com
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.274370cna@vuldb.com
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.389295cna@vuldb.com
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/Wsstiger/cve/blob/main/Clinic's_sql2.md
Source: cna@vuldb.com
Resource:
Exploit
Hyperlink: https://vuldb.com/?ctiid.274370
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?id.274370
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.389295
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

4260Records found
CVE-2023-3661
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-13 Jul, 2023 | 12:00
Updated-02 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester AC Repair and Services System sql injection

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234015.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-ac_repair_and_services_systemAC Repair and Services System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3679
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 9.82%
||
7 Day CHG~0.00%
Published-15 Jul, 2023 | 08:31
Updated-02 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Lost and Found Information System HTTP POST Request sql injection

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-lost_and_found_information_systemLost and Found Information System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3694
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-16 Jul, 2023 | 23:31
Updated-04 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/projectworlds House Rental and Property Listing index.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-sourcecodester_house_rental_and_property_listing_projectSourceCodesterProjectworlds
Product-house_rental_and_property_listingHouse Rental and Property Listing
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1923
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.93%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 16:00
Updated-06 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System List of Classes Page ajax-api.php delete_student sql injection

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_attendance_systemSimple Student Attendance Systemsimple_student_attendance_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3678
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 9.82%
||
7 Day CHG~0.00%
Published-15 Jul, 2023 | 08:00
Updated-02 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester AC Repair and Services System HTTP POST Request sql injection

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234223.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-ac_repair_and_services_systemAC Repair and Services System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3502
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 13.33%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 14:00
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Shopping Website search-result.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-sanchitkmrSourceCodester
Product-shopping_websiteShopping Website
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3534
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 16.94%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 12:00
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Shopping Website check_availability.php sql injection

A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-sanchitkmrSourceCodester
Product-shopping_websiteShopping Website
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3458
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 19.52%
||
7 Day CHG~0.00%
Published-29 Jun, 2023 | 13:31
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Shopping Website forgot-password.php sql injection

A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675.

Action-Not Available
Vendor-sanchitkmrSourceCodester
Product-shopping_websiteShopping Website
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2086
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-1.99% / 82.88%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 13:10
Updated-15 Apr, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Bank Management System login.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep(10),3,4,5 --+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-bank_management_system_projectSourceCodester
Product-bank_management_systemBank Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4557
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-27 Aug, 2023 | 22:00
Updated-02 Aug, 2024 | 07:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Inventory Management System search_purchase_paymen_report.php sql injection

A vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_purchase_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238158 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-inventory_management_system_projectSourceCodester
Product-inventory_management_systemInventory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3340
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 15:31
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online School Fees System GET Parameter ajx.php sql injection

A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument name_startsWith leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232016.

Action-Not Available
Vendor-online_school_fees_system_projectSourceCodester
Product-online_school_fees_systemOnline School Fees System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2214
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 57.28%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 06:45
Updated-15 Apr, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Library Management System bookdetails.php sql injection

A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-jkevSourceCodester
Product-library_management_systemLibrary Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3383
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:00
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Game Result Matrix System GET Parameter athlete-profile.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232239.

Action-Not Available
Vendor-imarkpatricSourceCodester
Product-game_result_matrix_systemGame Result Matrix System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1877
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 8.23%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 01:00
Updated-23 Dec, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Management System cancel.php sql injection

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254725 was assigned to this vulnerability.

Action-Not Available
Vendor-razormistSourceCodester
Product-employee_management_systemEmployee Management Systememployee_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4449
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 02:00
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Free and Open Source Inventory Management System sql injection

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-inventory_management_system_projectSourceCodester
Product-inventory_management_systemFree and Open Source Inventory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4444
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 00:31
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Free Hospital Management System for Small Practices edit-user.php sql injection

A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file vm\patient\edit-user.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237565 was assigned to this vulnerability.

Action-Not Available
Vendor-free_hospital_management_system_for_small_practices_projectSourceCodester
Product-free_hospital_management_system_for_small_practicesFree Hospital Management System for Small Practices
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4443
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 00:31
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Free Hospital Management System for Small Practices edit-doc.php sql injection

A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Affected is an unknown function of the file vm\doctor\edit-doc.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237564.

Action-Not Available
Vendor-free_hospital_management_system_for_small_practices_projectSourceCodester
Product-free_hospital_management_system_for_small_practicesFree Hospital Management System for Small Practices
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3391
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 16:00
Updated-21 Nov, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Human Resource Management System detailview.php sql injection

A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-human_resource_management_systemHuman Resource Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4441
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.80%
||
7 Day CHG~0.00%
Published-20 Aug, 2023 | 23:31
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection

A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /patient/appointment.php. The manipulation of the argument sheduledate leads to sql injection. The attack can be initiated remotely. VDB-237562 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-free_hospital_management_system_for_small_practices_projectSourceCodester
Product-free_hospital_management_system_for_small_practicesFree Hospital Management System for Small Practices
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4438
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-20 Aug, 2023 | 22:31
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Inventory Management System search_sales_report.php sql injection

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237559.

Action-Not Available
Vendor-inventory_management_system_projectSourceCodester
Product-inventory_management_systemInventory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-33677
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.39%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 00:00
Updated-15 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".

Action-Not Available
Vendor-n/aoretnom23SourceCodester
Product-lost_and_found_information_systemn/alost_and_found_information_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1926
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.29%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 17:00
Updated-22 Apr, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Free and Open Source Inventory Management System search_sales_report.php sql injection

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254861 was assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-free_and_open_source_inventory_management_systemFree and Open Source Inventory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3120
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.87%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 11:00
Updated-07 Jan, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Service Provider Management System view_service.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-service_provider_management_systemService Provider Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4179
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-06 Aug, 2023 | 07:31
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Free Hospital Management System for Small Practices sql injection

A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-236214 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-free_hospital_management_system_for_small_practicesFree Hospital Management System for Small Practices
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3146
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.51%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 15:31
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Discussion Forum Site manage_category.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231015.

Action-Not Available
Vendor-SourceCodesterrazormist
Product-online_discussion_forum_siteOnline Discussion Forum Site
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3147
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 16:00
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Discussion Forum Site view_category.php sql injection

A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\categories\view_category.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231016.

Action-Not Available
Vendor-SourceCodesterrazormist
Product-online_discussion_forum_siteOnline Discussion Forum Site
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3176
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-09 Jun, 2023 | 05:31
Updated-02 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Lost and Found Information System manage_user.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-lost_and_found_information_systemLost and Found Information System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4185
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-06 Aug, 2023 | 13:00
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Hospital Management System patientlogin.php sql injection

A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236220.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-online_hospital_management_systemOnline Hospital Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2017
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 47.87%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 11:05
Updated-15 Apr, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System Visit view_visit.php sql injection

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-prison_management_systemPrison Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4201
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 19:31
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Inventory Management System ex_catagory_data.php sql injection

A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236291.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-inventory_management_systemInventory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4200
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 18:31
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Inventory Management System product_data.php. sql injection

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php.. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-inventory_management_systemInventory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4193
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 00:00
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Resort Reservation System view_fee.php sql injection

A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236.

Action-Not Available
Vendor-resort_reservation_system_projectSourceCodester
Product-resort_reservation_systemResort Reservation System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4176
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-06 Aug, 2023 | 02:00
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hospital Management System appointmentapproval.php sql injection

A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file appointmentapproval.php. The manipulation of the argument time leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236211.

Action-Not Available
Vendor-hospital_management_system_projectSourceCodester
Product-hospital_management_systemHospital Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1927
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.89%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 17:31
Updated-18 Dec, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Web-Based Student Clearance System login.php sql injection

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254863.

Action-Not Available
Vendor-walterjnr1SourceCodester
Product-web-based_student_clearance_systemWeb-Based Student Clearance Systemwebbased_student_clearance_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3145
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.51%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 15:00
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Discussion Forum Site sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\Users.php?f=registration. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231014 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesterrazormist
Product-online_discussion_forum_siteOnline Discussion Forum Site
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1878
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 13.66%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 01:00
Updated-23 Dec, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Management System myprofile.php sql injection

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254726 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-razormistSourceCodester
Product-employee_management_systemEmployee Management Systememployee_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3177
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-09 Jun, 2023 | 06:00
Updated-22 Nov, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Lost and Found Information System view_inquiry.php sql injection

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-lost_and_found_information_systemLost and Found Information System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2067
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.51%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 15:00
Updated-17 Dec, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Inventory System delete-computer.php sql injection

A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255382 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-computer_inventory_systemComputer Inventory Systemcomputer_inventory_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2073
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 22.43%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 17:00
Updated-02 Jan, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Block Inserter for Dynamic Content view_post.php sql injection

A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-block_inserter_for_dynamic_contentBlock Inserter for Dynamic Contentblock_inserter_for_dynamic_content
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3152
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.23%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 18:00
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Discussion Forum Site view_post.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231021 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesterrazormist
Product-online_discussion_forum_siteOnline Discussion Forum Site
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3003
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.51%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 08:31
Updated-02 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Train Station Ticketing System GET Parameter manage_prices.php sql injection

A vulnerability classified as critical was found in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_prices.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230347.

Action-Not Available
Vendor-train_station_ticketing_system_projectSourceCodester
Product-train_station_ticketing_systemTrain Station Ticketing System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2955
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-29 May, 2023 | 07:00
Updated-02 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Students Online Internship Timesheet System GET Parameter rendered_report.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230142 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-students_online_internship_timesheet_system_projectSourceCodester
Product-students_online_internship_timesheet_systemStudents Online Internship Timesheet System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2823
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-20 May, 2023 | 07:31
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Class Scheduling System GET Parameter edit_subject.php sql injection

A vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_subject.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229597 was assigned to this vulnerability.

Action-Not Available
Vendor-class_scheduling_system_projectSourceCodester
Product-class_scheduling_systemClass Scheduling System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-44600
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.38%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 13:21
Updated-11 Feb, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_online_men\'s_salon_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2865
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 10:31
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Theme Park Ticketing System GET Parameter print_ticket.php sql injection

A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229821 was assigned to this vulnerability.

Action-Not Available
Vendor-theme_park_ticketing_system_projectSourceCodester
Product-theme_park_ticketing_systemTheme Park Ticketing System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2772
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-17 May, 2023 | 18:31
Updated-22 Nov, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Budget and Expense Tracker System GET Parameter manage_budget.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-229278 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-budget_and_expense_tracker_systemBudget and Expense Tracker System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2696
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-14 May, 2023 | 11:00
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Exam System POST Parameter data sql injection

A vulnerability was found in SourceCodester Online Exam System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228977 was assigned to this vulnerability.

Action-Not Available
Vendor-online_exam_system_projectSourceCodester
Product-online_exam_systemOnline Exam System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2771
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-17 May, 2023 | 18:31
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Exam System data sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Exam System 1.0. This issue affects some unknown processing of the file /jurusanmatkul/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229277 was assigned to this vulnerability.

Action-Not Available
Vendor-online_exam_system_projectSourceCodester
Product-online_exam_systemOnline Exam System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2697
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-14 May, 2023 | 11:31
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Exam System POST Parameter data sql injection

A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /jurusan/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228978 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-online_exam_system_projectSourceCodester
Product-online_exam_systemOnline Exam System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2698
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-14 May, 2023 | 11:31
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Lost and Found Information System GET Parameter sql injection

A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-lost_and_found_information_systemLost and Found Information System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 85
  • 86
  • Next
Details not found