
CVE-2024-44430
https://notcve.org/view.php?id=CVE-2024-44430
13 Sep 2024 — SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface • https://blog.csdn.net/samwbs/article/details/140954482 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-40473
https://notcve.org/view.php?id=CVE-2024-40473
08 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Sourcecodester/Best%20House%20Rental%20Management%20System%20v1.0/Stored%20XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-40474
https://notcve.org/view.php?id=CVE-2024-40474
08 Aug 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0. • https://github.com/takekaramey/CVE_Writeup/blob/main/Sourcecodester/Best%20House%20Rental%20Management%20System%20v1.0/Reflected%20XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-40475
https://notcve.org/view.php?id=CVE-2024-40475
08 Aug 2024 — SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php. • https://github.com/takekaramey/CVE_Writeup/blob/main/Sourcecodester/Best%20House%20Rental%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Deep%20URL.pdf • CWE-284: Improper Access Control •

CVE-2024-40476
https://notcve.org/view.php?id=CVE-2024-40476
08 Aug 2024 — A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant. • https://github.com/takekaramey/CVE_Writeup/blob/main/Sourcecodester/Best%20House%20Rental%20Management%20System%20v1.0/CSRF.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-36569
https://notcve.org/view.php?id=CVE-2024-36569
03 Jun 2024 — Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. • https://github.com/debug601/bug_report/blob/main/vendors/mayuri_k/gas-agency-management-system/RCE-1.md • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-36568
https://notcve.org/view.php?id=CVE-2024-36568
03 Jun 2024 — Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. • https://github.com/debug601/bug_report/blob/main/vendors/mayuri_k/gas-agency-management-system/SQL-1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-28613
https://notcve.org/view.php?id=CVE-2024-28613
24 Apr 2024 — SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php and edit-task.php components. • https://github.com/hakkitoklu/hunt/blob/main/PHP%20Task%20Management%20System/sqli.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-27743 – Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-27743
01 Mar 2024 — Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component. Petrol Pump Management Software version 1.0 suffers from multiple cross site script... • https://packetstorm.news/files/id/177405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-27744 – Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file
https://notcve.org/view.php?id=CVE-2024-27744
01 Mar 2024 — Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component. Petrol Pump Management Software version 1.0 suffers from multiple cross site scripting vulnerabilit... • https://packetstorm.news/files/id/177405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •