CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4921 – SourceCodester Employee and Visitor Gate Pass Logging System unrestricted upload
https://notcve.org/view.php?id=CVE-2024-4921
A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /employee_gatepass/classes/Users.php?f=ssave. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. • https://github.com/I-Schnee-I/cev/blob/main/upload.md https://vuldb.com/?ctiid.264456 https://vuldb.com/?id.264456 https://vuldb.com/?submit.333662 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31752
https://notcve.org/view.php?id=CVE-2023-31752
SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. • https://github.com/4O4NtFd/bug_report/blob/main/SQLI2/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2090 – SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection
https://notcve.org/view.php?id=CVE-2023-2090
A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/4O4NtFd/bug_report/blob/main/SQLI1/SQLi-1.md https://vuldb.com/?ctiid.226098 https://vuldb.com/?id.226098 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46309
https://notcve.org/view.php?id=CVE-2021-46309
An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. Se presenta una vulnerabilidad de inyección SQL en Sourcecodester Employee and Visitor Gate Pass Logging System versión 1.0, por medio del parámetro username • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Employee-and-Visitor-Gate-Pass-Logging • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •