CVE-2024-40487
https://notcve.org/view.php?id=CVE-2024-40487
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Stored%20XSS.pdf https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-40484
https://notcve.org/view.php?id=CVE-2024-40484
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/Reflected%20XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-40473
https://notcve.org/view.php?id=CVE-2024-40473
It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Sourcecodester/Best%20House%20Rental%20Management%20System%20v1.0/Stored%20XSS.pdf https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-40486
https://notcve.org/view.php?id=CVE-2024-40486
A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/SQL%20Injection.pdf https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-40481
https://notcve.org/view.php?id=CVE-2024-40481
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/Stored%20XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •