CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41615
https://notcve.org/view.php?id=CVE-2023-41615
08 Sep 2023 — Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. Se ha descubierto que Zoo Management System v1.0 contiene múltiples vulnerabilidades de inyección SQL en la página de inicio de sesión del administrador a través de los campos de nombre de usuario y contraseña. • https://medium.com/%40guravtushar231/sql-injection-in-login-field-a9073780f7e8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40925
https://notcve.org/view.php?id=CVE-2022-40925
26 Sep 2022 — Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. Zoo Management System versión v1.0, presenta una vulnerabilidad de carga arbitraria de archivos en el punto de descarga de imágenes del archivo "save_event" del módulo "Events" del sistema de gestión de fondo. • https://github.com/admin77888/Bug_report/blob/main/vendors/pushpam02/zoo-management-system/RCE-2.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40924
https://notcve.org/view.php?id=CVE-2022-40924
26 Sep 2022 — Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. Zoo Management System versión v1.0, presenta una vulnerabilidad de carga de archivos arbitraria en el punto de descarga de imágenes del archivo "save_animal" del módulo "Animals" en el sistema de administración en segundo plano. • https://github.com/admin77888/Bug_report/blob/main/vendors/pushpam02/zoo-management-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40932
https://notcve.org/view.php?id=CVE-2022-40932
22 Sep 2022 — In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. En Zoo Management System versión v1.0, se presenta una vulnerabilidad de carga arbitraria de archivos en el punto de descarga de imágenes del archivo "gallery" del módulo "Gallery" en el sistema de administración de fondo • https://github.com/lime-10010/Bug_report/blob/main/vendors/pushpam02/zoo-management-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2804 – SourceCodester Zoo Management System apply_vacancy.php unrestricted upload
https://notcve.org/view.php?id=CVE-2022-2804
12 Aug 2022 — A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. • https://s1.ax1x.com/2022/08/12/vJ5pEd.png • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2803 – SourceCodester Zoo Management System animals.php sql injection
https://notcve.org/view.php?id=CVE-2022-2803
12 Aug 2022 — A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argument class_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://s1.ax1x.com/2022/08/12/vJ4zHH.png • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-33075
https://notcve.org/view.php?id=CVE-2022-33075
05 Jul 2022 — A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenada en la función Add Classification de Zoo Management System versión v1.0, permite a atacantes ejecutar scripts web o HTM arbitrarios por medio de vectores no especificados • https://github.com/angelopioamirante/CVE-2022-33075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2022-31897 – Zoo Management System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-31897
22 Jun 2022 — SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. SourceCodester Zoo Management System versión 1.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio de public_html/register_visitor?msg= Zoo Management System version 1.0 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/167572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31914
https://notcve.org/view.php?id=CVE-2022-31914
16 Jun 2022 — Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. Zoo Management System versión v1.0 es vulnerable a Cross Site Scripting (XSS) a través de zms/admin/public_html/save_animal?an_id=24 • https://github.com/mikeccltt/0525/blob/main/zoo-management-system/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4232 – Zoo Management System manage-ticket.php cross site scripting
https://notcve.org/view.php?id=CVE-2021-4232
26 May 2022 — A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. Se ha encontrado una vulnerabilidad clasificada como problemática en Zoo Management System versión 1.0. • https://vuldb.com/?id.178254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •