CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8080 – SourceCodester Online Health Care System search.php sql injection
https://notcve.org/view.php?id=CVE-2024-8080
A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument f_name with the input 1%' or 1=1 ) UNION SELECT 1,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# as part of string leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/shang159/sqli-vul/blob/main/sql2.md https://vuldb.com/?ctiid.275562 https://vuldb.com/?id.275562 https://vuldb.com/?submit.395465 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7949 – SourceCodester Online Graduate Tracer System fetch_genderit.php sql injection
https://notcve.org/view.php?id=CVE-2024-7949
A vulnerability, which was classified as critical, was found in SourceCodester Online Graduate Tracer System up to 1.0. Affected is an unknown function of the file /tracking/admin/fetch_genderit.php. The manipulation of the argument request leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Pingxy/cve/blob/main/sql4.md https://vuldb.com/?ctiid.275142 https://vuldb.com/?id.275142 https://vuldb.com/?submit.394046 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7948 – SourceCodester Accounts Manager App Update Account Page update-account.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7948
A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0. This vulnerability affects unknown code of the file update-account.php of the component Update Account Page. The manipulation of the argument Account Name/Username/Password/Link leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jadu101/CVE/blob/main/SourceCodester_Accounts_Manager_App_update_account_xss.md https://vuldb.com/?ctiid.275140 https://vuldb.com/?id.275140 https://vuldb.com/?submit.393921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7947 – SourceCodester Point of Sales and Inventory Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2024-7947
A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CveSecLook/cve/issues/60 https://vuldb.com/?ctiid.275139 https://vuldb.com/?id.275139 https://vuldb.com/?submit.393525 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7942 – SourceCodester Leads Manager Tool update-leads.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7942
A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phone_number leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jadu101/CVE/blob/main/SourceCodester_Lead_Manager_Tool_Update_Leads_XSS.md https://vuldb.com/?ctiid.275134 https://vuldb.com/?id.275134 https://vuldb.com/?submit.393338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •