CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42359
https://notcve.org/view.php?id=CVE-2023-42359
SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. Vulnerabilidad de inyección SQL en el Exam Form Submission en PHP con Código Fuente v.1.0 permite a un atacante remoto escalar privilegios a través del parámetro val-username en /index.php. • https://upbeat-washer-def.notion.site/Exam-Form-Submission-In-PHP-SQL-Injection-in-index-php-bd71962db712459488019d531ab2f6f2?pvs=4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3806 – SourceCodester House Rental and Property Listing System btn_functions.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-3806
A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btn_functions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GZRsecurity/Cve-System/blob/main/House%20Rental%20and%20Property%20Listing%20System%20register.php%20has%20%20File%20Upload(RCE)%20Vulnerability.pdf https://vuldb.com/?ctiid.235074 https://vuldb.com/?id.235074 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-15031 – PHP-Login POST Parameter class.loginscript.php checkLogin sql injection
https://notcve.org/view.php?id=CVE-2016-15031
A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. • https://github.com/ipoelnet/php-login/commit/0083ec652786ddbb81335ea20da590df40035679 https://github.com/ipoelnet/php-login/releases/tag/v2.0 https://vuldb.com/?ctiid.228022 https://vuldb.com/?id.228022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-29168
https://notcve.org/view.php?id=CVE-2020-29168
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. • https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/%2C https://projectworlds.in/wp-content/uploads/2020/05/PHP-Doctor-Appointment-System.zip https://www.exploit-db.com/exploits/49059 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36503
https://notcve.org/view.php?id=CVE-2021-36503
SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. • https://github.com/Fanli2012/native-php-cms/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •