CVE-2023-1721 – Yoga Class Registration System 1.0 - RCE
https://notcve.org/view.php?id=CVE-2023-1721
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. • https://fluidattacks.com/advisories/blessd https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-29626
https://notcve.org/view.php?id=CVE-2023-29626
Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Yoga-Class-Registration%20-1.0-2023%20-%20Multiple-SQLi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1395 – SourceCodester Yoga Class Registration System list.php query cross site scripting
https://notcve.org/view.php?id=CVE-2023-1395
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross-site scripting. The attack can be initiated remotely. • https://blog.csdn.net/Dwayne_Wade/article/details/129496689 https://vuldb.com/?ctiid.222982 https://vuldb.com/?id.222982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-1366 – SourceCodester Yoga Class Registration System manage_category.php query sql injection
https://notcve.org/view.php?id=CVE-2023-1366
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. This affects the function query of the file admin/categories/manage_category.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. • https://blog.csdn.net/Dwayne_Wade/article/details/129493110 https://vuldb.com/?ctiid.222873 https://vuldb.com/?id.222873 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-0982 – SourceCodester Yoga Class Registration System Add Class Entry sql injection
https://notcve.org/view.php?id=CVE-2023-0982
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Add Class Entry. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. • https://vuldb.com/?ctiid.221677 https://vuldb.com/?id.221677 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')