CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Sourcecodester Event Student Attendance System 1.0 allows SQL injection via the 'student' parameter. • https://github.com/tubakvgc/CVE/blob/main/Event_Student_Attendance_System.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 2

An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, and update-tracker.php components. Daily Habit Tracker version 1.0 suffers from an access control vulnerability. • https://www.exploit-db.com/exploits/51954 https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/DailyHabitTracker-Broken_Access_Control.md • CWE-284: Improper Access Control • CWE-287: Improper Authentication •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

SQL injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via a crafted GET request. Daily Habit Tracker version 1.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/51953 https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/DailyHabitTracker-SQL_Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sajaljat/CVE-2024-1269 https://github.com/PrecursorYork/Product-Management-System-Using-PHP-and-MySQL-Reflected-XSS-POC/blob/main/README.md https://vuldb.com/?ctiid.253012 https://vuldb.com/?id.253012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695. • https://vuldb.com/?ctiid.252695 https://vuldb.com/?id.252695 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •