CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43013 – Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi)
https://notcve.org/view.php?id=CVE-2023-43013
Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. Asset Management System v1.0 es vulnerable a una vulnerabilidad de Inyección SQL no autenticada en el parámetro 'email' de la página index.php, lo que permite a un atacante externo volcar todo el contenido de la base de datos y omitir el control de inicio de sesión. • https://fluidattacks.com/advisories/nergal https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44173 – Online Movie Ticket Booking System v1.0 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-44173
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. El Online Movie Ticket Booking System v1.0 es vulnerable a una vulnerabilidad de Cross-Site Scripting reflejado autenticado. • https://fluidattacks.com/advisories/harrison https://projectworlds.in • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5185 – Gym Management System Project v1.0 - Insecure File Upload
https://notcve.org/view.php?id=CVE-2023-5185
Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. Gym Management System Project v1.0 es vulnerable a una vulnerabilidad de Carga de Archivos Insegura en el parámetro 'file' de la página perfil/i.php, lo que permite a un atacante autenticado obtener la Ejecución Remota de Código en el servidor que aloja la aplicación. • https://fluidattacks.com/advisories/orion https://projectworlds.in • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43740 – Online Book Store Project v1.0 - Insecure File Upload
https://notcve.org/view.php?id=CVE-2023-43740
Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. Online Book Store Project v1.0 es vulnerable a una vulnerabilidad de carga de archivos insegura en el parámetro 'image' de la página admin_edit.php, lo que permite a un atacante autenticado obtener la ejecución remota de código en el servidor que aloja la aplicación. • https://fluidattacks.com/advisories/shagrath https://projectworlds.in • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5053 – SQL Injection in hospital-management-system-in-php 378c157 in index.php
https://notcve.org/view.php?id=CVE-2023-5053
Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. La versión 378c157 de Hospital Management System permite omitir la autenticación. Esto es posible porque la aplicación es vulnerable a SQLI. • https://fluidattacks.com/advisories/shierro https://github.com/projectworldsofficial/hospital-management-system-in-php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •