
CVE-2024-9089 – SourceCodester Modern Loan Management System update_loan_record.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-9089
22 Sep 2024 — A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. The manipulation of the argument amount leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.278267 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9088 – SourceCodester Telecom Billing Management System login buffer overflow
https://notcve.org/view.php?id=CVE-2024-9088
22 Sep 2024 — A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument uname leads to buffer overflow. The exploit has been disclosed to the public and may be used. A critical vulnerability was found in SourceCodester Telecom Billing Management System 1.0. • https://github.com/CveSecLook/cve/issues/61 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-9083 – SourceCodester Employee Management System add-admin.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-9083
22 Sep 2024 — A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation of the argument txtfullname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/zz0zz0/CVE/blob/main/Employee%20Management%20System%20--XSS/Employee%20Management%20System%20--XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9082 – SourceCodester Online Eyewear Shop User Creation Users.php improper authorization
https://notcve.org/view.php?id=CVE-2024-9082
22 Sep 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Users.php?f=save of the component User Creation Handler. The manipulation of the argument type with the input 1 leads to improper authorization. The attack may be launched remotely. • https://github.com/41lai/cve/blob/main/add.md • CWE-266: Incorrect Privilege Assignment • CWE-285: Improper Authorization •

CVE-2024-9081 – SourceCodester Online Eyewear Shop view_category.php sql injection
https://notcve.org/view.php?id=CVE-2024-9081
22 Sep 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://github.com/41lai/cve/blob/main/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-9041 – SourceCodester Best House Rental Management System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-9041
20 Sep 2024 — A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack can be initiated remotely. • https://vuldb.com/?id.278212 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-9039 – SourceCodester Best House Rental Management System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-9039
20 Sep 2024 — A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack may be launched remotely. • https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20signup%20time-based%20SQL%20Injection%20Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-9033 – SourceCodester Best House Rental Management System ajax.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-9033
20 Sep 2024 — A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. • https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20project%20in%20php%20Stored%20Cross-Site%20Scripting(XSS)%20vulnerability.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9032 – SourceCodester Simple Forum-Discussion System index.php path traversal
https://notcve.org/view.php?id=CVE-2024-9032
20 Sep 2024 — A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.278202 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-9008 – SourceCodester Best Online News Portal Comment Section news-details.php sql injection
https://notcve.org/view.php?id=CVE-2024-9008
19 Sep 2024 — A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-News-Portal-Comment-Blind-SQLi.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •