CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9039 – SourceCodester Best House Rental Management System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-9039
20 Sep 2024 — A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack may be launched remotely. • https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20signup%20time-based%20SQL%20Injection%20Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9033 – SourceCodester Best House Rental Management System ajax.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-9033
20 Sep 2024 — A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. • https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20project%20in%20php%20Stored%20Cross-Site%20Scripting(XSS)%20vulnerability.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9032 – SourceCodester Simple Forum-Discussion System index.php path traversal
https://notcve.org/view.php?id=CVE-2024-9032
20 Sep 2024 — A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.278202 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9008 – SourceCodester Best Online News Portal Comment Section news-details.php sql injection
https://notcve.org/view.php?id=CVE-2024-9008
19 Sep 2024 — A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-News-Portal-Comment-Blind-SQLi.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 31%CPEs: 1EXPL: 1CVE-2024-46377
https://notcve.org/view.php?id=CVE-2024-46377
18 Sep 2024 — Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. • https://github.com/vidura2/CVE-2024-46377 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8951 – SourceCodester Resort Reservation System manage_fee.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8951
17 Sep 2024 — A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Resort-Reservation-system-XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2024-8949 – SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management
https://notcve.org/view.php?id=CVE-2024-8949
17 Sep 2024 — A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to improper ownership management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/fa-rrel/CVE-2024-8949-POC • CWE-282: Improper Ownership Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8711 – SourceCodester Food Ordering Management System includes exposure of information through directory listing
https://notcve.org/view.php?id=CVE-2024-8711
12 Sep 2024 — A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jz-qb/cve/blob/main/dir.md • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8709 – SourceCodester Best House Rental Management System admin_class.php save_user sql injection
https://notcve.org/view.php?id=CVE-2024-8709
12 Sep 2024 — A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/gaorenyusi/gaorenyusi/blob/main/rental1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8708 – SourceCodester Best House Rental Management System categories.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8708
12 Sep 2024 — A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.277217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •