CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5895 – SourceCodester Employee and Visitor Gate Pass Logging System delete_users sql injection
https://notcve.org/view.php?id=CVE-2024-5895
12 Jun 2024 — A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function delete_users of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. • https://github.com/Hefei-Coffee/cve/blob/main/sql11.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4921 – SourceCodester Employee and Visitor Gate Pass Logging System unrestricted upload
https://notcve.org/view.php?id=CVE-2024-4921
16 May 2024 — A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /employee_gatepass/classes/Users.php?f=ssave. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. • https://github.com/I-Schnee-I/cev/blob/main/upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31752
https://notcve.org/view.php?id=CVE-2023-31752
23 May 2023 — SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. • https://github.com/4O4NtFd/bug_report/blob/main/SQLI2/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2090 – SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection
https://notcve.org/view.php?id=CVE-2023-2090
15 Apr 2023 — A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/4O4NtFd/bug_report/blob/main/SQLI1/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46309
https://notcve.org/view.php?id=CVE-2021-46309
21 Jan 2022 — An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. Se presenta una vulnerabilidad de inyección SQL en Sourcecodester Employee and Visitor Gate Pass Logging System versión 1.0, por medio del parámetro username • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Employee-and-Visitor-Gate-Pass-Logging • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •