6 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md https://vuldb.com/?ctiid.248742 https://vuldb.com/?id.248742 • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_malicious_fileupload.md https://vuldb.com/?ctiid.248741 https://vuldb.com/?id.248741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_weakpass.md https://vuldb.com/?ctiid.248740 https://vuldb.com/?id.248740 • CWE-521: Weak Password Requirements •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_profile_notes.md https://vuldb.com/?ctiid.248739 https://vuldb.com/?id.248739 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_delete_notes.md https://vuldb.com/?ctiid.248738 https://vuldb.com/?id.248738 • CWE-352: Cross-Site Request Forgery (CSRF) •