
CVE-2024-7814 – CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7814
15 Aug 2024 — A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname/emp_lname/emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-2351 – CodeAstro Ecommerce Site Search action.php sql injection
https://notcve.org/view.php?id=CVE-2024-2351
09 Mar 2024 — A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://docs.qq.com/doc/DYklCV0thWnRaaWpY • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-2333 – CodeAstro Membership Management System add_members.php sql injection
https://notcve.org/view.php?id=CVE-2024-2333
09 Mar 2024 — A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sxyrxyy/aiohttp-exploit-CVE-2024-23334-certstream • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-46497
https://notcve.org/view.php?id=CVE-2022-46497
07 Mar 2024 — Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php. • https://github.com/ASR511-OO7/CVE-2022-46497 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-46498
https://notcve.org/view.php?id=CVE-2022-46498
07 Mar 2024 — Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php. • https://github.com/ASR511-OO7/CVE-2022-46498 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-46499
https://notcve.org/view.php?id=CVE-2022-46499
07 Mar 2024 — Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php. • https://github.com/ASR511-OO7/CVE-2022-46499 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-2149 – CodeAstro Membership Management System settings.php sql injection
https://notcve.org/view.php?id=CVE-2024-2149
03 Mar 2024 — A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/JiaDongGao1/CVE_Hunter/blob/main/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-2076 – CodeAstro House Rental Management System tenant.php missing authentication
https://notcve.org/view.php?id=CVE-2024-2076
01 Mar 2024 — A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. • https://github.com/yoryio/CVE-2024-20767 • CWE-306: Missing Authentication for Critical Function

CVE-2024-25866
https://notcve.org/view.php?id=CVE-2024-25866
28 Feb 2024 — A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component. • https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-SQL_Injection_Login.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-25867
https://notcve.org/view.php?id=CVE-2024-25867
28 Feb 2024 — A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component. • https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-SQL_Injection_Add_Type.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')