CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2075 – SourceCodester Daily Habit Tracker update-tracker.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-2075
A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. • https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md https://vuldb.com/?ctiid.255391 https://vuldb.com/?id.255391 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2024-24496 – Daily Habit Tracker 1.0 - Broken Access Control
https://notcve.org/view.php?id=CVE-2024-24496
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. Un problema en Daily Habit Tracker v.1.0 permite a un atacante remoto manipular rastreadores a través de los componentes home.php, add-tracker.php, delete-tracker.php y update-tracker.php. Daily Habit Tracker version 1.0 suffers from an access control vulnerability. • https://www.exploit-db.com/exploits/51954 https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/DailyHabitTracker-Broken_Access_Control.md • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-24495 – Daily Habit Tracker 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2024-24495
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. Vulnerabilidad de inyección SQL en delete-tracker.php en Daily Habit Tracker v.1.0 permite a un atacante remoto ejecutar código arbitrario a través de una solicitud GET manipulada. Daily Habit Tracker version 1.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/51953 https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/DailyHabitTracker-SQL_Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2024-24140
https://notcve.org/view.php?id=CVE-2024-24140
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.' La aplicación Sourcecodester Daily Habit Tracker 1.0 permite la inyección SQL a través del parámetro 'tracker'. • https://github.com/BurakSevben/CVE-2024-24140 https://github.com/BurakSevben/Daily_Habit_Tracker_App_SQL_Injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •