CVE-2024-7662 – SourceCodester Car Driving School Management System manag_package.php save_package cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-7662
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. This vulnerability affects the function save_package of the file admin/packages/manag_package.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. • https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20CSRF-2.md https://vuldb.com/?ctiid.274120 https://vuldb.com/?id.274120 https://vuldb.com/?submit.388766 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-7661 – SourceCodester Car Driving School Management System index.php save_users cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-7661
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. • https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20CSRF-1.md https://vuldb.com/?ctiid.274119 https://vuldb.com/?id.274119 https://vuldb.com/?submit.388765 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-28412
https://notcve.org/view.php?id=CVE-2022-28412
Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_package. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-28413
https://notcve.org/view.php?id=CVE-2022-28413
Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_enrollment. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-24572
https://notcve.org/view.php?id=CVE-2022-24572
Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). Exploitation occurs when an admin views the registered user details. • https://github.com/nsparker1337/OpenSource/blob/main/exploit_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •