CVE-2023-6945 – SourceCodester Online Student Management System edit-student-detail.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6945
A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Online%20student%20management%20system(XSS)%202.md https://vuldb.com/?ctiid.248377 https://vuldb.com/?id.248377 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-6765 – SourceCodester Online Tours & Travels Management System email_setup.php prepare sql injection
https://notcve.org/view.php?id=CVE-2023-6765
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function prepare of the file email_setup.php. The manipulation of the argument name leads to sql injection. The exploit has been disclosed to the public and may be used. • https://blog.csdn.net/xitanging/article/details/134903112 https://vuldb.com/?ctiid.247895 https://vuldb.com/?id.247895 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-46974
https://notcve.org/view.php?id=CVE-2023-46974
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. Vulnerabilidad de Cross Site Scripting en Best Courier Management System v.1.000 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el parámetro de página en la URL. • https://github.com/yte121/CVE-2023-46974 https://youtu.be/5oVfJHT_-Ys • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-48823 – GaatiTrack Courier Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. Un problema de inyección de Blind SQL en ajax.php en GaatiTrack Courier Management System 1.0 permite que un atacante no autenticado inyecte un payload a través del parámetro de correo electrónico durante el inicio de sesión. GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/176030 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-6306 – SourceCodester Free and Open Source Inventory Management System member_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-6306
A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system2.md https://vuldb.com/?ctiid.246132 https://vuldb.com/?id.246132 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •