CVE-2024-7273 – itsourcecode Alton Management System search.php sql injection
https://notcve.org/view.php?id=CVE-2024-7273
A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md https://vuldb.com/?ctiid.273142 https://vuldb.com/?id.273142 https://vuldb.com/?submit.381089 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7195 – itsourcecode Society Management System check_admin.php sql injection
https://notcve.org/view.php?id=CVE-2024-7195
A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. • https://github.com/DeepMountains/Mirage/blob/main/CVE7-2.md https://vuldb.com/?ctiid.272616 https://vuldb.com/?id.272616 https://vuldb.com/?submit.380384 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7194 – itsourcecode Society Management System check_student.php sql injection
https://notcve.org/view.php?id=CVE-2024-7194
A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.272615 https://vuldb.com/?ctiid.272615 https://vuldb.com/?submit.380383 https://github.com/DeepMountains/Mirage/blob/main/CVE7-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7192 – itsourcecode Society Management System student.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7192
A vulnerability, which was classified as critical, was found in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/student.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE7-6.md https://vuldb.com/?ctiid.272613 https://vuldb.com/?id.272613 https://vuldb.com/?submit.380387 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-7191 – itsourcecode Society Management System get_balance.php sql injection
https://notcve.org/view.php?id=CVE-2024-7191
A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/get_balance.php. The manipulation of the argument student_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE7-5.md https://vuldb.com/?ctiid.272612 https://vuldb.com/?id.272612 https://vuldb.com/?submit.380386 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •