CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-30015
https://notcve.org/view.php?id=CVE-2023-30015
12 Jan 2024 — SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php. Vulnerabilidad de inyección SQL en oretnom23 Judging Management System v1.0, permite a atacantes remotos ejecutar código arbitrario y obtener información confidencial a través del parámetro txtsearch en review_search.php. • https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-30016
https://notcve.org/view.php?id=CVE-2023-30016
12 Jan 2024 — SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php. Vulnerabilidad de inyección SQL en oretnom23 Judging Management System v1.0, permite a atacantes remotos ejecutar código arbitrario y obtener información confidencial a través del parámetro sub_event_id en sub_event_details_edit.php. • https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 4CVE-2024-0265 – SourceCodester Clinic Queuing System GET Parameter index.php file inclusion
https://notcve.org/view.php?id=CVE-2024-0265
07 Jan 2024 — A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. • https://packetstorm.news/files/id/178519 • CWE-73: External Control of File Name or Path •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2024-0264 – SourceCodester Clinic Queuing System LoginRegistration.php authorization
https://notcve.org/view.php?id=CVE-2024-0264
07 Jan 2024 — A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. • https://packetstorm.news/files/id/178519 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-50070
https://notcve.org/view.php?id=CVE-2023-50070
29 Dec 2023 — Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. Sourcecodester Customer Support System 1.0 tiene múltiples vulnerabilidades de inyección SQL en /customer_support/ajax.php?action=save_ticket a través de department_id, customer_id y subject. • https://github.com/geraldoalcantara/CVE-2023-50070 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7134 – SourceCodester Medicine Tracking System path traversal
https://notcve.org/view.php?id=CVE-2023-7134
28 Dec 2023 — A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. • https://medium.com/@2839549219ljk/medicine-tracking-system-rce-vulnerability-1f009165b915 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7058 – SourceCodester Simple Student Attendance System path traversal
https://notcve.org/view.php?id=CVE-2023-7058
22 Dec 2023 — A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. • https://github.com/laoquanshi/Simple-Student-Attendance-System • CWE-24: Path Traversal: '../filedir' •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6896 – SourceCodester Simple Image Stack Website cross site scripting
https://notcve.org/view.php?id=CVE-2023-6896
17 Dec 2023 — A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.248255 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6771 – SourceCodester Simple Student Attendance System actions.class.php save_attendance sql injection
https://notcve.org/view.php?id=CVE-2023-6771
13 Dec 2023 — A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907. • https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6658 – SourceCodester Simple Student Attendance System sql injection
https://notcve.org/view.php?id=CVE-2023-6658
10 Dec 2023 — A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. • https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/ajax-api.php_SQL-injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •