CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9041 – SourceCodester Best House Rental Management System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-9041
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack can be initiated remotely. • https://vuldb.com/?id.278212 https://vuldb.com/?ctiid.278212 https://vuldb.com/?submit.411502 https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20update_account%20time-based%20SQL%20Injection%20Vulnerability.md https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9039 – SourceCodester Best House Rental Management System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-9039
A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack may be launched remotely. • https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20signup%20time-based%20SQL%20Injection%20Vulnerability.md https://vuldb.com/?ctiid.278210 https://vuldb.com/?id.278210 https://vuldb.com/?submit.411471 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9033 – SourceCodester Best House Rental Management System ajax.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-9033
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. • https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20project%20in%20php%20Stored%20Cross-Site%20Scripting(XSS)%20vulnerability.md https://vuldb.com/?ctiid.278203 https://vuldb.com/?id.278203 https://vuldb.com/?submit.410977 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9032 – SourceCodester Simple Forum-Discussion System index.php path traversal
https://notcve.org/view.php?id=CVE-2024-9032
A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.278202 https://vuldb.com/?id.278202 https://vuldb.com/?submit.410976 https://www.shawroot.cc/2804.html https://www.sourcecodester.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9008 – SourceCodester Best Online News Portal Comment Section news-details.php sql injection
https://notcve.org/view.php?id=CVE-2024-9008
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-News-Portal-Comment-Blind-SQLi.md https://vuldb.com/?ctiid.278164 https://vuldb.com/?id.278164 https://vuldb.com/?submit.409956 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •