
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

In PHPGurukul Art Gallery Management System v1.1, the "imageid" parameter of the "Update Artist Image" functionality is vulnerable to SQL injection. • https://github.com/hackerhijeck/Exploited/blob/main/Art_Gallary/SQL_Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. • https://github.com/anky-123/CVE-2023-37771 https://github.com/anky-123/CVE-2023-37771/blob/main/CVE • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. • https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-24726/CVE-2023-24726.txt https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. • https://www.exploit-db.com/exploits/51272 https://gist.github.com/y0gesh-verma/3de9b3e3f0d2b63c07e6704e232d9620 https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page. • https://github.com/y0gesh-verma/CVE/blob/main/CVE-2023-23157/CVE-2023-23157.txt https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')