CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50760 – Online Notice Board System v1.0 - Insecure File Upload
https://notcve.org/view.php?id=CVE-2023-50760
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. Online Notice Board System v1.0 es afectado por una vulnerabilidad de carga de archivos insegura en el parámetro 'f' de la página user/update_profile_pic.php, lo que permite a un atacante autenticado obtener la ejecución remota de código en el servidor que aloja la aplicación. • https://fluidattacks.com/advisories/arrau https://www.kashipara.com • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50753 – Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-50753
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. Online Notice Board System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'dd' del recurso user/update_profile.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/perahia https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50752 – Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-50752
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. Online Notice Board System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'e' del recurso login.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/perahia https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50743 – Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-50743
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. Online Notice Board System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'dd' del recurso registration.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/perahia https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49666 – Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-49666
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. Billing Software v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'custmer_details' del recurso submit_material_list.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/zimerman https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •