Oretnom23

A vulnerability was found in CodeAstro Expense Management System 1.0

CVE-2024-1031 6.1 - Medium - January 30, 2024

A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304.

XSS

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic

CVE-2024-1028 6.1 - Medium - January 30, 2024

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input <marquee>HACKED</marquee> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252301 was assigned to this vulnerability.

XSS

A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0

CVE-2024-1027 9.8 - Critical - January 30, 2024

A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300.

Unrestricted File Upload

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic

CVE-2024-1024 6.1 - Medium - January 30, 2024

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252292.

XSS

A vulnerability was found in Project Worlds Visitor Management System 1.0

CVE-2024-0650 6.1 - Medium - January 18, 2024

A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input "><script>alert('torada')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251376.

XSS

Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection

CVE-2024-22628 7.2 - High - January 16, 2024

Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=

SQL Injection

A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical

CVE-2024-0502 7.2 - High - January 13, 2024

A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic

CVE-2024-0501 4.8 - Medium - January 13, 2024

A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability.

XSS

A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0

CVE-2024-0500 4.8 - Medium - January 13, 2024

A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608.

XSS

A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0

CVE-2024-0499 4.8 - Medium - January 13, 2024

A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607.

XSS

SQL Injection vulnerability in oretnom23 Judging Management System v1.0

CVE-2023-30015 9.8 - Critical - January 12, 2024

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php.

SQL Injection

SQL Injection vulnerability in oretnom23 Judging Management System v1.0

CVE-2023-30014 9.8 - Critical - January 12, 2024

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.

SQL Injection

SQL Injection vulnerability in oretnom23 Judging Management System v1.0

CVE-2023-30016 9.8 - Critical - January 12, 2024

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.

SQL Injection

A vulnerability was found in SourceCodester Clinic Queuing System 1.0

CVE-2024-0264 9.8 - Critical - January 07, 2024

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820.

Insecure Direct Object Reference / IDOR

A vulnerability was found in SourceCodester Clinic Queuing System 1.0

CVE-2024-0265 8.8 - High - January 07, 2024

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.

External Control of File Name or Path

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket

CVE-2023-50070 8.8 - High - December 29, 2023

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.

SQL Injection

A vulnerability was found in SourceCodester Medicine Tracking System 1.0

CVE-2023-7134 9.8 - Critical - December 28, 2023

A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249137 was assigned to this vulnerability.

Directory traversal

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0

CVE-2023-7058 9.8 - Critical - December 22, 2023

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability.

Path Traversal: '../filedir'

A vulnerability was found in SourceCodester Simple Image Stack Website 1.0

CVE-2023-6896 6.1 - Medium - December 17, 2023

A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255.

XSS

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0

CVE-2023-6771 9.8 - Critical - December 13, 2023

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907.

SQL Injection

A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0

CVE-2023-6658 9.8 - Critical - December 10, 2023

A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0

CVE-2023-6657 9.8 - Critical - December 10, 2023

A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic

CVE-2023-6650 6.1 - Medium - December 10, 2023

A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247343.

XSS

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0

CVE-2023-6619 9.8 - Critical - December 08, 2023

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256.

SQL Injection

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0

CVE-2023-6618 8.8 - High - December 08, 2023

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255.

Externally Controlled Reference to a Resource in Another Sphere

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0

CVE-2023-6617 9.8 - Critical - December 08, 2023

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic

CVE-2023-6616 6.1 - Medium - December 08, 2023

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability.

XSS

SQL injection vulnerability in Packers and Movers Management System v.1.0

CVE-2023-46956 7.2 - High - November 30, 2023

SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file.

SQL Injection

Lost and Found Information System 1.0

CVE-2023-38965 9.8 - Critical - November 03, 2023

Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.

Insecure Direct Object Reference / IDOR

A vulnerability was found in SourceCodester Task Reminder System 1.0

CVE-2023-5814 8.8 - High - October 27, 2023

A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-243645 was assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical

CVE-2023-5813 8.8 - High - October 27, 2023

A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_reminder. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243644.

SQL Injection

Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection

CVE-2023-46435 9.8 - Critical - October 26, 2023

Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.

SQL Injection

An issue in Expense Management System v.1.0

CVE-2023-44824 7.8 - High - October 17, 2023

An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component.

Unrestricted File Upload

A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0

CVE-2023-5585 6.1 - Medium - October 15, 2023

A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability.

XSS

A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0

CVE-2023-5581 6.1 - Medium - October 14, 2023

A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability.

XSS

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical

CVE-2023-5423 9.8 - Critical - October 05, 2023

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-241384.

SQL Injection

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0

CVE-2023-5374 9.8 - Critical - October 04, 2023

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241255.

SQL Injection

A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0

CVE-2023-5373 9.8 - Critical - October 04, 2023

A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241254 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1

CVE-2023-5286 5.4 - Medium - September 29, 2023

A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability.

XSS

Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability

CVE-2023-30415 9.8 - Critical - September 28, 2023

Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.

SQL Injection

Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS)

CVE-2023-44048 5.4 - Medium - September 27, 2023

Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category.

XSS

An issue in Service Provider Management System v.1.0

CVE-2023-43457 9.8 - Critical - September 25, 2023

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.

Cross Site Scripting vulnerability in Service Provider Management System v.1.0

CVE-2023-43456 5.4 - Medium - September 25, 2023

Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint.

XSS

A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0

CVE-2023-5021 6.1 - Medium - September 17, 2023

A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. VDB-239862 is the identifier assigned to this vulnerability.

XSS

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0

CVE-2023-5018 9.8 - Critical - September 17, 2023

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.

SQL Injection

Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0

CVE-2023-36159 6.1 - Medium - August 04, 2023

Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.

XSS

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical

CVE-2023-3850 9.8 - Critical - July 23, 2023

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.

SQL Injection

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0

CVE-2023-3680 9.8 - Critical - July 15, 2023

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester Lost and Found Information System 1.0

CVE-2023-3679 9.8 - Critical - July 15, 2023

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.

SQL Injection

A vulnerability was found in SourceCodester AC Repair and Services System 1.0

CVE-2023-3678 9.8 - Critical - July 15, 2023

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234223.

SQL Injection

Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which

CVE-2023-31704 9.8 - Critical - July 13, 2023

Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.

A vulnerability was found in SourceCodester AC Repair and Services System 1.0

CVE-2023-3661 9.8 - Critical - July 13, 2023

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234015.

SQL Injection

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic

CVE-2023-3659 6.1 - Medium - July 13, 2023

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability.

XSS

A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0

CVE-2023-3658 9.8 - Critical - July 13, 2023

A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012.

SQL Injection

A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0

CVE-2023-3657 9.8 - Critical - July 13, 2023

A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. This issue affects some unknown processing of the file Master.php?f=save_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-234011.

SQL Injection

A vulnerability was found in SourceCodester Service Provider Management System 1.0

CVE-2023-3644 9.8 - Critical - July 12, 2023

A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. VDB-233890 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical

CVE-2023-3619 9.8 - Critical - July 11, 2023

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The identifier VDB-233573 was assigned to this vulnerability.

SQL Injection

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability

CVE-2023-33592 9.8 - Critical - June 28, 2023

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.

SQL Injection

A vulnerability was found in SourceCodester Human Resource Management System 1.0

CVE-2023-3391 9.8 - Critical - June 23, 2023

A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288.

SQL Injection

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection

CVE-2023-34581 9.8 - Critical - June 12, 2023

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2

SQL Injection

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical

CVE-2023-3177 8.8 - High - June 09, 2023

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.

SQL Injection

A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0

CVE-2023-3176 8.8 - High - June 09, 2023

A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0

CVE-2023-3120 7.2 - High - June 06, 2023

A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799.

SQL Injection

A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0

CVE-2023-3119 8.8 - High - June 06, 2023

A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230798 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester Lost and Found Information System 1.0

CVE-2023-3018 8.8 - High - May 31, 2023

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability.

Authorization

A vulnerability was found in SourceCodester Lost and Found Information System 1.0

CVE-2023-3017 5.4 - Medium - May 31, 2023

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.

Basic XSS

A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0

CVE-2023-2772 8.8 - High - May 17, 2023

A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-229278 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability classified as critical has been found in SourceCodester Service Provider Management System 1.0

CVE-2023-2769 8.8 - High - May 17, 2023

A vulnerability classified as critical has been found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229275.

SQL Injection

Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution

CVE-2023-31857 9.8 - Critical - May 16, 2023

Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save.

Unrestricted File Upload

A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0

CVE-2023-2699 9.8 - Critical - May 14, 2023

A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.

SQL Injection

A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0

CVE-2023-2698 9.8 - Critical - May 14, 2023

A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.

SQL Injection

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0

CVE-2023-2672 9.8 - Critical - May 12, 2023

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228888.

SQL Injection

A vulnerability was found in SourceCodester Lost and Found Information System 1.0

CVE-2023-2671 6.1 - Medium - May 12, 2023

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887.

XSS

A vulnerability was found in SourceCodester Lost and Found Information System 1.0

CVE-2023-2670 8.8 - High - May 12, 2023

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability.

A vulnerability was found in SourceCodester Lost and Found Information System 1.0

CVE-2023-2669 9.8 - Critical - May 12, 2023

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228885 was assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical

CVE-2023-2668 9.8 - Critical - May 12, 2023

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228884.

SQL Injection

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic

CVE-2023-2667 6.1 - Medium - May 12, 2023

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883.

XSS

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical

CVE-2023-2661 9.8 - Critical - May 11, 2023

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803.

SQL Injection

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical

CVE-2023-2660 9.8 - Critical - May 11, 2023

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0

CVE-2023-2659 9.8 - Critical - May 11, 2023

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability.

SQL Injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0

CVE-2023-2658 9.8 - Critical - May 11, 2023

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228800.

SQL Injection

A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0

CVE-2023-2657 6.1 - Medium - May 11, 2023

A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799.

XSS

A vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0

CVE-2023-2656 9.8 - Critical - May 11, 2023

A vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228798 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0

CVE-2023-2653 9.8 - Critical - May 11, 2023

A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability.

SQL Injection

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0

CVE-2023-2652 9.8 - Critical - May 11, 2023

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228780.

SQL Injection

A vulnerability was found in SourceCodester AC Repair and Services System 1.0

CVE-2023-2413 6.5 - Medium - April 29, 2023

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707.

SQL Injection

A vulnerability was found in SourceCodester AC Repair and Services System 1.0

CVE-2023-2412 6.5 - Medium - April 29, 2023

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical

CVE-2023-2411 6.5 - Medium - April 28, 2023

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability.

SQL Injection

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical

CVE-2023-2410 6.5 - Medium - April 28, 2023

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704.

SQL Injection

A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0

CVE-2023-2409 6.5 - Medium - April 28, 2023

A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703.

SQL Injection

A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0

CVE-2023-2408 6.5 - Medium - April 28, 2023

A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0

CVE-2023-2350 5.4 - Medium - April 27, 2023

A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability.

XSS

A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0

CVE-2023-2349 5.4 - Medium - April 27, 2023

A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592.

XSS

A vulnerability was found in SourceCodester Service Provider Management System 1.0

CVE-2023-2348 9.8 - Critical - April 27, 2023

A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591.

SQL Injection

A vulnerability was found in SourceCodester Service Provider Management System 1.0

CVE-2023-2347 9.8 - Critical - April 27, 2023

A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester Service Provider Management System 1.0

CVE-2023-2346 9.8 - Critical - April 27, 2023

A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability.

SQL Injection

A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical

CVE-2023-2345 9.8 - Critical - April 27, 2023

A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588.

AuthZ

A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical

CVE-2023-2344 9.8 - Critical - April 27, 2023

A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587.

SQL Injection

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical

CVE-2023-2242 8.8 - High - April 22, 2023

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227.

SQL Injection

A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0

CVE-2023-2100 6.1 - Medium - April 15, 2023

A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108.

XSS