CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10335 – SourceCodester Garbage Collection Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2024-10335
24 Oct 2024 — A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. • https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 19%CPEs: 1EXPL: 1CVE-2024-44812
https://notcve.org/view.php?id=CVE-2024-44812
22 Oct 2024 — SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. • https://github.com/b1u3st0rm/CVE-2024-44812-PoC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10163 – SourceCodester Sentiment Based Movie Rating System movie_details.php sql injection
https://notcve.org/view.php?id=CVE-2024-10163
20 Oct 2024 — A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://github.com/2967607153/CVE-report/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9975 – SourceCodester Drag and Drop Image Upload upload.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-9975
15 Oct 2024 — A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. • https://github.com/JunMing27/CVE/blob/main/SourceCodester%20-%20Arbitrary%20File%20Upload%20vulnerability%20leads%20to%20RCE%20in%20Drag%20and%20Drop%20Image%20Upload%20without%20Refresh%20Reload%20Using%20PHP%20and%20Ajax.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9974 – SourceCodester Online Eyewear Shop POST Request Master.php sql injection
https://notcve.org/view.php?id=CVE-2024-9974
15 Oct 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The manipulation of the argument product_id leads to sql injection. • https://gist.github.com/higordiego/2373b9e3e89f03e5f8888efd38eb4b48 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9973 – SourceCodester Online Eyewear Shop Report Viewing Page page sql injection
https://notcve.org/view.php?id=CVE-2024-9973
15 Oct 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to sql injection. • https://gist.github.com/higordiego/b9699573de61b26f2290e69f38d23fd0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9952 – SourceCodester Online Eyewear Shop Contact Information Page contact_info cross site scripting
https://notcve.org/view.php?id=CVE-2024-9952
15 Oct 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the component Contact Information Page. The manipulation of the argument Address leads to cross site scripting. The attack may be initiated remotely. • https://gist.github.com/higordiego/bedd395e74a335f0145872c96d7cb92d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9906 – SourceCodester Online Eyewear Shop cross site scripting
https://notcve.org/view.php?id=CVE-2024-9906
13 Oct 2024 — A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. It is possible to launch the attack remotely. • https://gist.github.com/higordiego/1c1e1709a6832cb63bbe9e9328f55ff9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9905 – SourceCodester Online Eyewear Shop sql injection
https://notcve.org/view.php?id=CVE-2024-9905
13 Oct 2024 — A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. • https://gist.github.com/higordiego/8679961c9d732e4068aaa37fd8d01439 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9818 – SourceCodester Online Veterinary Appointment System manage_category.php sql injection
https://notcve.org/view.php?id=CVE-2024-9818
10 Oct 2024 — A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/fezzyang/CVE_report/blob/main/online-veterinary-appointment-system/SQLi.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •