CVE-2024-2059 – SourceCodester Petrol Pump Management Software service_crud.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-2059
01 Mar 2024 — A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/service_crud.php%20Unauthenticated%20Arbitrary%20File%20Upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-2058 – SourceCodester Petrol Pump Management Software product.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-2058
01 Mar 2024 — A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-27744 – Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file
https://notcve.org/view.php?id=CVE-2024-27744
01 Mar 2024 — Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component. Petrol Pump Management Software version 1.0 suffers from multiple cross site scripting vulnerabilit... • https://www.exploit-db.com/exploits/51837 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-27746 – Petrol Pump Management Software v.1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2024-27746
01 Mar 2024 — SQL Injection vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component. • https://www.exploit-db.com/exploits/51838 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-27747 – Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload
https://notcve.org/view.php?id=CVE-2024-27747
01 Mar 2024 — File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. Petrol Pump Management System version 1.0 suffers from a remote shell upload vulnerabi... • https://www.exploit-db.com/exploits/51839 • CWE-434: Unrestricted Upload of File with Dangerous Type •