Page 2 of 17 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_user. The manipulation of the argument id leads to sql injection. • https://github.com/xyj123a/cve/blob/main/sql.md https://vuldb.com/?ctiid.270008 https://vuldb.com/?id.270008 https://vuldb.com/?submit.365234 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. • https://github.com/Isfulou/cve/blob/main/upload.md https://vuldb.com/?ctiid.269493 https://vuldb.com/?id.269493 https://vuldb.com/?submit.363054 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. • https://github.com/pijiawei/CVE/blob/pijiawei-photo/SourceCodester%20Simple%20Online%20Bidding%20System%20XSS.md https://vuldb.com/?ctiid.266442 https://vuldb.com/?id.266442 https://vuldb.com/?submit.345066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site request forgery. The attack can be launched remotely. • https://github.com/kaikai145154/CVE-CSRF/blob/main/SourceCodester%20Simple%20Online%20Bidding%20System%20CSRF.md https://vuldb.com/?ctiid.266383 https://vuldb.com/?id.266383 https://vuldb.com/?submit.345072 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Online%20Bidding%20System%20Sql%20Inject-4.md https://vuldb.com/?ctiid.264469 https://vuldb.com/?id.264469 https://vuldb.com/?submit.335367 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •