CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5021 – SourceCodester AC Repair and Services System cross site scripting
https://notcve.org/view.php?id=CVE-2023-5021
A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.239862 https://vuldb.com/?id.239862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5018 – SourceCodester Lost and Found Information System POST Parameter sql injection
https://notcve.org/view.php?id=CVE-2023-5018
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.239859 https://vuldb.com/?id.239859 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36159
https://notcve.org/view.php?id=CVE-2023-36159
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. • https://github.com/unknown00759/CVE-2023-36159 http://lost.com https://cyberredteam.tech/posts/cve-2023-36159 https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3850 – SourceCodester Lost and Found Information System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3850
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://vuldb.com/?ctiid.235201 https://vuldb.com/?id.235201 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3680 – SourceCodester Lost and Found Information System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3680
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.234225 https://vuldb.com/?id.234225 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •