CVE-2024-7815 – CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7815
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname/emp_lname/emp_nat_idno/emp_addr leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md
• https://vuldb.com/?ctiid.274711
• https://vuldb.com/?id.274711
• https://vuldb.com/?submit.391376
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7814 – CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7814
A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname/emp_lname/emp_nat_idno/emp_addr leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md
• https://vuldb.com/?ctiid.274710
• https://vuldb.com/?id.274710
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-2351 – CodeAstro Ecommerce Site Search action.php sql injection
https://notcve.org/view.php?id=CVE-2024-2351
A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://docs.qq.com/doc/DYklCV0thWnRaaWpY
• https://vuldb.com/?ctiid.256303
• https://vuldb.com/?id.256303
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2333 – CodeAstro Membership Management System add_members.php sql injection
https://notcve.org/view.php?id=CVE-2024-2333
A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/sxyrxyy/aiohttp-exploit-CVE-2024-23334-certstream
• https://github.com/brian-edgar-re/poc-cve-2024-23334
• https://github.com/0x404Ming/CVE_Hunter/blob/main/SQLi-3.md
• https://vuldb.com/?ctiid.256284
• https://vuldb.com/?id.256284
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2149 – CodeAstro Membership Management System settings.php sql injection
https://notcve.org/view.php?id=CVE-2024-2149
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/JiaDongGao1/CVE_Hunter/blob/main/SQLi-2.md
• https://vuldb.com/?ctiid.255502
• https://vuldb.com/?id.255502
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')