CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0462 – code-projects Online Faculty Clearance HTTP POST Request designee_view_status.php sql injection
https://notcve.org/view.php?id=CVE-2024-0462
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. • https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf https://vuldb.com/?ctiid.250567 https://vuldb.com/?id.250567 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0461 – code-projects Online Faculty Clearance HTTP POST Request deactivate.php sql injection
https://notcve.org/view.php?id=CVE-2024-0461
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. • https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf https://vuldb.com/?ctiid.250566 https://vuldb.com/?id.250566 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7124 – code-projects E-Commerce Site search.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-7124
A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument keyword with the input <video/src=x onerror=alert(document.cookie)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/h4md153v63n/CVEs/blob/main/E-commerce_Site/E-commerce_Site-Reflected_Cross_Site_Scripting.md https://vuldb.com/?ctiid.249096 https://vuldb.com/?id.249096 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7111 – code-projects Library Management System index.php sql injection
https://notcve.org/view.php?id=CVE-2023-7111
A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-3.md https://vuldb.com/?ctiid.249006 https://vuldb.com/?id.249006 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7097 – code-projects Water Billing System addbill.php sql injection
https://notcve.org/view.php?id=CVE-2023-7097
A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Glunko/vulnerability/blob/main/Water-Billing-System_sql.md https://vuldb.com/?ctiid.248949 https://vuldb.com/?id.248949 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •