CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11262 – SourceCodester Student Record Management System View All Student Marks main stack-based overflow
https://notcve.org/view.php?id=CVE-2024-11262
A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. Affected by this vulnerability is the function main of the component View All Student Marks. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://github.com/Hacker0xone/CVE/issues/13 https://vuldb.com/?ctiid.284719 https://vuldb.com/?id.284719 https://vuldb.com/?submit.443950 https://www.sourcecodester.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11261 – SourceCodester Student Record Management System Number of Students Menu StudentRecordManagementSystem.cpp memory corruption
https://notcve.org/view.php?id=CVE-2024-11261
A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0. Affected is an unknown function of the file StudentRecordManagementSystem.cpp of the component Number of Students Menu. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/Hacker0xone/CVE/issues/12 https://vuldb.com/?ctiid.284718 https://vuldb.com/?id.284718 https://vuldb.com/?submit.443906 https://www.sourcecodester.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11247 – SourceCodester Online Eyewear Shop Inventory Page Master.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11247
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. • https://github.com/Fl4g-Pshacker/cve/blob/main/xss.md https://vuldb.com/?ctiid.284683 https://vuldb.com/?id.284683 https://vuldb.com/?submit.443194 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11214 – SourceCodester Best Employee Management System profile.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-11214
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sh3rl0ckpggp/0day/blob/main/Employee_management%20_system_RCE.md https://vuldb.com/?ctiid.284530 https://vuldb.com/?id.284530 https://vuldb.com/?submit.443304 https://www.sourcecodester.com • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11213 – SourceCodester Best Employee Management System edit_role.php sql injection
https://notcve.org/view.php?id=CVE-2024-11213
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sh3rl0ckpggp/0day/blob/main/authenticated_sqli_Employee_management_system.md https://vuldb.com/?ctiid.284529 https://vuldb.com/?id.284529 https://vuldb.com/?submit.443298 https://www.sourcecodester.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •