CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10999 – CodeAstro Real Estate Management System About Us Page aboutadd.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-10999
08 Nov 2024 — A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48709
https://notcve.org/view.php?id=CVE-2024-48709
21 Oct 2024 — CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php • https://github.com/anoncoder01/PHP_CodeAstro_Stored_XSS/blob/master/vulnerabilities/XSS_2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46236
https://notcve.org/view.php?id=CVE-2024-46236
21 Oct 2024 — CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. • https://github.com/anoncoder01/PHP_CodeAstro_Stored_XSS/blob/master/vulnerabilities/XSS_1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46470
https://notcve.org/view.php?id=CVE-2024-46470
27 Sep 2024 — Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. • https://codeastro.com/membership-management-system-in-php-with-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46471
https://notcve.org/view.php?id=CVE-2024-46471
27 Sep 2024 — The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. • https://codeastro.com/membership-management-system-in-php-with-source-code • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46472
https://notcve.org/view.php?id=CVE-2024-46472
27 Sep 2024 — CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page. • https://codeastro.com/membership-management-system-in-php-with-source-code • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45528
https://notcve.org/view.php?id=CVE-2024-45528
02 Sep 2024 — CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. CodeAstro MembershipM-PHP (también conocido como Sistema de gestión de membresía en PHP) 1.0 permite XSS almacenado con el nombre completo en add_members.php. • https://github.com/ShellFighter/VulnerabilityResearch/blob/main/MMS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7912 – CodeAstro Online Railway Reservation System assets exposure of information through directory listing
https://notcve.org/view.php?id=CVE-2024-7912
18 Aug 2024 — A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. • https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Directory%20Listing.md • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7910 – CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7910
18 Aug 2024 — A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.275036 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 3CVE-2024-7815 – CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7815
15 Aug 2024 — A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://packetstorm.news/files/id/190408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •