2 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. • https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md https://vuldb.com/?ctiid.256453 https://vuldb.com/?id.256453 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. • https://github.com/PrecursorYork/crud-without-refresh-reload-Reflected_XSS-POC/blob/main/README.md https://vuldb.com/?ctiid.252782 https://vuldb.com/?id.252782 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •