CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0498 – Project Worlds Lawyer Management System searchLawyer.php sql injection
https://notcve.org/view.php?id=CVE-2024-0498
13 Jan 2024 — A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. • https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0266 – Project Worlds Online Lawyer Management System User Registration cross site scripting
https://notcve.org/view.php?id=CVE-2024-0266
07 Jan 2024 — A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •