CVE-2024-6417 – SourceCodester Simple Online Bidding System sql injection
https://notcve.org/view.php?id=CVE-2024-6417
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_user. The manipulation of the argument id leads to sql injection. • https://github.com/xyj123a/cve/blob/main/sql.md https://vuldb.com/?ctiid.270008 https://vuldb.com/?id.270008 https://vuldb.com/?submit.365234 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-6280 – SourceCodester Simple Online Bidding System unrestricted upload
https://notcve.org/view.php?id=CVE-2024-6280
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. • https://github.com/Isfulou/cve/blob/main/upload.md https://vuldb.com/?ctiid.269493 https://vuldb.com/?id.269493 https://vuldb.com/?submit.363054 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5437 – SourceCodester Simple Online Bidding System save_category cross site scripting
https://notcve.org/view.php?id=CVE-2024-5437
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. • https://github.com/pijiawei/CVE/blob/pijiawei-photo/SourceCodester%20Simple%20Online%20Bidding%20System%20XSS.md https://vuldb.com/?ctiid.266442 https://vuldb.com/?id.266442 https://vuldb.com/?submit.345066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-5428 – SourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-5428
A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site request forgery. The attack can be launched remotely. • https://github.com/kaikai145154/CVE-CSRF/blob/main/SourceCodester%20Simple%20Online%20Bidding%20System%20CSRF.md https://vuldb.com/?ctiid.266383 https://vuldb.com/?id.266383 https://vuldb.com/?submit.345072 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-4933 – SourceCodester Simple Online Bidding System sql injection
https://notcve.org/view.php?id=CVE-2024-4933
A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Online%20Bidding%20System%20Sql%20Inject-4.md https://vuldb.com/?ctiid.264469 https://vuldb.com/?id.264469 https://vuldb.com/?submit.335367 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •