CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8558 – SourceCodester Food Ordering Management System Price place-order.php improper validation of specified quantity in input
https://notcve.org/view.php?id=CVE-2024-8558
A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Niu-zida/cve/blob/main/Payment%20loopholes.md https://vuldb.com/?ctiid.276778 https://vuldb.com/?id.276778 https://vuldb.com/?submit.403345 https://www.sourcecodester.com • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8557 – SourceCodester Food Ordering Management System cancel-order.php sql injection
https://notcve.org/view.php?id=CVE-2024-8557
A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. This affects an unknown part of the file /foms/routers/cancel-order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.276777 https://vuldb.com/?ctiid.276777 https://vuldb.com/?submit.403082 https://github.com/tldjgggg/cve/blob/main/sql2.md https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8555 – SourceCodester Clinics Patient Management System congratulations.php redirect
https://notcve.org/view.php?id=CVE-2024-8555
A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. • https://vuldb.com/?id.276774 https://vuldb.com/?ctiid.276774 https://vuldb.com/?submit.402386 https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Open-Redirect.md https://www.sourcecodester.com • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8554 – SourceCodester Clinics Patient Management System users.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8554
A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Reflected-XSS.md https://vuldb.com/?ctiid.276773 https://vuldb.com/?id.276773 https://vuldb.com/?submit.402384 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8416 – SourceCodester Food Ordering Management System ticket-status.php sql injection
https://notcve.org/view.php?id=CVE-2024-8416
A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been classified as critical. This affects an unknown part of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/SherlockMA0/cve/blob/main/sql2.md https://vuldb.com/?ctiid.276495 https://vuldb.com/?id.276495 https://vuldb.com/?submit.402369 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •