
CVE-2024-9952 – SourceCodester Online Eyewear Shop Contact Information Page contact_info cross site scripting
https://notcve.org/view.php?id=CVE-2024-9952
15 Oct 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the component Contact Information Page. The manipulation of the argument Address leads to cross site scripting. The attack may be initiated remotely.
• https://gist.github.com/higordiego/bedd395e74a335f0145872c96d7cb92d
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-9906 – SourceCodester Online Eyewear Shop cross site scripting
https://notcve.org/view.php?id=CVE-2024-9906
13 Oct 2024 — A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. It is possible to launch the attack remotely.
• https://gist.github.com/higordiego/1c1e1709a6832cb63bbe9e9328f55ff9
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-9905 – SourceCodester Online Eyewear Shop sql injection
https://notcve.org/view.php?id=CVE-2024-9905
13 Oct 2024 — A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely.
• https://gist.github.com/higordiego/8679961c9d732e4068aaa37fd8d01439
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-9809 – SourceCodester Online Eyewear Shop Master.php delete_product sql injection
https://notcve.org/view.php?id=CVE-2024-9809
10 Oct 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=delete_product. The manipulation of the argument id leads to sql injection.
• https://github.com/wuyanzu-lab/cve/blob/main/sql.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-9808 – SourceCodester Online Eyewear Shop sql injection
https://notcve.org/view.php?id=CVE-2024-9808
10 Oct 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=products/view_product. The manipulation of the argument id leads to sql injection.
• https://github.com/r1ckyL/cve/blob/main/sql.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-9317 – SourceCodester Online Eyewear Shop Master.php delete_category sql injection
https://notcve.org/view.php?id=CVE-2024-9317
28 Sep 2024 — A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be launched remotely.
• https://github.com/o0wll/cve/blob/main/sql.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-9082 – SourceCodester Online Eyewear Shop User Creation Users.php improper authorization
https://notcve.org/view.php?id=CVE-2024-9082
22 Sep 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Users.phpf=save of the component User Creation Handler. The manipulation of the argument type with the input 1 leads to improper authorization. The attack may be launched remotely.
• https://github.com/41lai/cve/blob/main/add.md
• CWE-266: Incorrect Privilege Assignment
• CWE-285: Improper Authorization

CVE-2024-9081 – SourceCodester Online Eyewear Shop view_category.php sql injection
https://notcve.org/view.php?id=CVE-2024-9081
22 Sep 2024 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely.
• https://github.com/41lai/cve/blob/main/sql.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-8949 – SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management
https://notcve.org/view.php?id=CVE-2024-8949
17 Sep 2024 — A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to improper ownership management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/fa-rrel/CVE-2024-8949-POC
• CWE-282: Improper Ownership Management

CVE-2024-5894 – SourceCodester Online Eyewear Shop manage_product.php sql injection
https://notcve.org/view.php?id=CVE-2024-5894
12 Jun 2024 — A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/Hefei-Coffee/cve/blob/main/sql10.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')