CVE-2024-3439 – SourceCodester Prison Management System login.php SQL injection
https://notcve.org/view.php?id=CVE-2024-3439
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to SQL injection. It is possible to launch the attack remotely. • https://github.com/fubxx/CVE/blob/main/PrisonManagementSystemSQL2.md https://vuldb.com/?ctiid.259692 https://vuldb.com/?id.259692 https://vuldb.com/?submit.312204 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3438 – SourceCodester Prison Management System login.php SQL injection
https://notcve.org/view.php?id=CVE-2024-3438
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/fubxx/CVE/blob/main/PrisonManagementSystemSQL1.md https://vuldb.com/?ctiid.259691 https://vuldb.com/?id.259691 https://vuldb.com/?submit.312203 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3437 – SourceCodester Prison Management System Avatar add-admin.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-3437
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. • https://github.com/fubxx/CVE/blob/main/PrisonManagementSystemRCE2.md https://vuldb.com/?ctiid.259631 https://vuldb.com/?id.259631 https://vuldb.com/?submit.311920 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-3436 – SourceCodester Prison Management System Avatar edit-photo.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-3436
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/fubxx/CVE/blob/main/PrisonManagementSystemRCE.md https://vuldb.com/?ctiid.259630 https://vuldb.com/?id.259630 https://vuldb.com/?submit.311919 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-32405
https://notcve.org/view.php?id=CVE-2022-32405
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4. • https://github.com/Dyrandy/BugBounty/blob/main/pms/cve-2022-32405.md https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')