4 results (0.006 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= Budget and Expense Tracker System v1.0 es vulnerable a la inyección SQL a través de /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= • https://github.com/GaoZzr/CVE_report/blob/main/budget-and-expense-tracker-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/wucwu1/CVEApplication/blob/main/SQL.md https://vuldb.com/?ctiid.229278 https://vuldb.com/?id.229278 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. Una vulnerabilidad de inyección SQL en Sourcecodester Budget and Expense Tracker System versión v1 por oretnom23, permite a atacantes ejecutar comandos SQL arbitrarios por medio del campo username • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/B%26E%20Tracker-by:oretnom23-v1.0 https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. . Se presenta una vulnerabilidad de Ejecución de Código Remota (RCE) en Sourcecodester Budget and Expense Tracker System versión 1.0, que permite a un usuario remoto malicioso inyectar código arbitrario por medio del campo image upload • https://github.com/hax3xploit/CVE-2021-41645 https://www.exploit-db.com/exploits/50308 • CWE-434: Unrestricted Upload of File with Dangerous Type •