CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7361 – SourceCodester Tracking Monitoring Management System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-7361
A vulnerability classified as critical was found in SourceCodester Tracking Monitoring Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_establishment. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. • https://gist.github.com/topsky979/f01eca07fce854bf5de96588126cdd7e https://vuldb.com/?ctiid.273340 https://vuldb.com/?id.273340 https://vuldb.com/?submit.383496 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7360 – SourceCodester Tracking Monitoring Management System ajax.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-7360
A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gist.github.com/topsky979/ac97a335ed9fcf4eefe3c952928a6d0e https://vuldb.com/?ctiid.273339 https://vuldb.com/?id.273339 https://vuldb.com/?submit.383495 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7359 – SourceCodester Tracking Monitoring Management System ajax.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7359
A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_establishment. The manipulation of the argument name leads to cross site scripting. • https://gist.github.com/topsky979/6fbd27f1942d76f0392d883dfd8fef10 https://vuldb.com/?ctiid.273338 https://vuldb.com/?id.273338 https://vuldb.com/?submit.383494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •