CVE-2024-5518 – itsourcecode Online Discussion Forum change_profile_picture.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-5518
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/L1OudFd8cl09/CVE/issues/1 https://vuldb.com/?ctiid.266589 https://vuldb.com/?id.266589 https://vuldb.com/?submit.346309 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5517 – itsourcecode Online Blood Bank Management System changepwd.php sql injection
https://notcve.org/view.php?id=CVE-2024-5517
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to sql injection. The attack may be launched remotely. • https://github.com/ppp-src/ha/issues/4 https://vuldb.com/?ctiid.266588 https://vuldb.com/?id.266588 https://vuldb.com/?submit.346225 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-5516 – itsourcecode Online Blood Bank Management System massage.php sql injection
https://notcve.org/view.php?id=CVE-2024-5516
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely. • https://github.com/ppp-src/ha/issues/3 https://vuldb.com/?ctiid.266587 https://vuldb.com/?id.266587 https://vuldb.com/?submit.346223 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-5397 – itsourcecode Online Student Enrollment System instructorSubjects.php sql injection
https://notcve.org/view.php?id=CVE-2024-5397
A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file instructorSubjects.php. The manipulation of the argument instructorId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lanxiy7th/lx_CVE_report-/issues/10 https://vuldb.com/?ctiid.266311 https://vuldb.com/?id.266311 https://vuldb.com/?submit.344700 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-5396 – itsourcecode Online Student Enrollment System newfaculty.php sql injection
https://notcve.org/view.php?id=CVE-2024-5396
A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file newfaculty.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lanxiy7th/lx_CVE_report-/issues/9 https://vuldb.com/?ctiid.266310 https://vuldb.com/?id.266310 https://vuldb.com/?submit.344699 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •