
CVE-2025-3045 – oretnom23/SourceCodester Apartment Visitor Management System remove-apartment.php SQL injection
https://notcve.org/view.php?id=CVE-2025-3045
01 Apr 2025 — A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/byxs0x0/SQL/blob/main/SQL2.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-34479
https://notcve.org/view.php?id=CVE-2024-34479
07 Aug 2024 — SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. • https://cxsecurity.com/issue/WLB-2024080004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-34480
https://notcve.org/view.php?id=CVE-2024-34480
07 Aug 2024 — SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. • https://cxsecurity.com/issue/WLB-2024080003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-41332 – Computer Laboratory Management System 1.0 Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-41332
02 Aug 2024 — Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories. Computer Laboratory Management System version 1.0 suffers from an incorrect access control that allows for privilege escalation. • https://packetstorm.news/files/id/179890 • CWE-284: Improper Access Control •

CVE-2024-37856 – Lost and Found Information System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-37856
13 Jun 2024 — Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. Lost and Found Information System version 1.0 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/179078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-32167
https://notcve.org/view.php?id=CVE-2024-32167
10 Jun 2024 — Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to arbitrary file deletion: the picture-deletion function in the backend settings can be used to delete any file. • https://github.com/ss122-0ss/cms/blob/main/omos.md •

CVE-2024-5385 – oretnom23 Online Car Wash Booking System cross site scripting
https://notcve.org/view.php?id=CVE-2024-5385
27 May 2024 — A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input <script>confirm (document.cookie)</script> leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.266303 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-51281
https://notcve.org/view.php?id=CVE-2023-51281
07 Mar 2024 — Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the "firstname", "lastname", "middlename", "contact" and "address" parameters. • https://github.com/geraldoalcantara/CVE-2023-51281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-33677
https://notcve.org/view.php?id=CVE-2023-33677
06 Mar 2024 — Sourcecodester Lost and Found Information System version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". • https://github.com/ASR511-OO7/CVE-2023-33677 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-49971
https://notcve.org/view.php?id=CVE-2023-49971
06 Mar 2024 — A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. • https://github.com/geraldoalcantara/CVE-2023-49971 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •