CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2670 – SourceCodester Lost and Found Information System access control
https://notcve.org/view.php?id=CVE-2023-2670
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. • https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2670.md https://vuldb.com/?ctiid.228886 https://vuldb.com/?id.228886 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2669 – SourceCodester Lost and Found Information System GET Parameter sql injection
https://notcve.org/view.php?id=CVE-2023-2669
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. • https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2669.md https://vuldb.com/?ctiid.228885 https://vuldb.com/?id.228885 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2668 – SourceCodester Lost and Found Information System GET Parameter manager_category sql injection
https://notcve.org/view.php?id=CVE-2023-2668
A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. • https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2668.md https://vuldb.com/?ctiid.228884 https://vuldb.com/?id.228884 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2667 – SourceCodester Lost and Found Information System cross site scripting
https://notcve.org/view.php?id=CVE-2023-2667
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2667.md https://vuldb.com/?ctiid.228883 https://vuldb.com/?id.228883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2661 – SourceCodester Online Computer and Laptop Store Master.php sql injection
https://notcve.org/view.php?id=CVE-2023-2661
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Online-Computer-and-Laptop-Store---Multiple-vulnerabilities.md#5sql-injection-vulnerability-in-classesmasterphp https://vuldb.com/?ctiid.228803 https://vuldb.com/?id.228803 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •