CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2024-0265 – SourceCodester Clinic Queuing System GET Parameter index.php file inclusion
https://notcve.org/view.php?id=CVE-2024-0265
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249821 https://vuldb.com/?id.249821 • CWE-73: External Control of File Name or Path •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-0264 – SourceCodester Clinic Queuing System LoginRegistration.php authorization
https://notcve.org/view.php?id=CVE-2024-0264
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249820 https://vuldb.com/?id.249820 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-50070
https://notcve.org/view.php?id=CVE-2023-50070
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. Sourcecodester Customer Support System 1.0 tiene múltiples vulnerabilidades de inyección SQL en /customer_support/ajax.php?action=save_ticket a través de department_id, customer_id y subject. • https://github.com/geraldoalcantara/CVE-2023-50070 https://medium.com/%40geraldoalcantarapro/cve-2023-50070-1f58c2a64b1c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7134 – SourceCodester Medicine Tracking System path traversal
https://notcve.org/view.php?id=CVE-2023-7134
A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. • https://medium.com/@2839549219ljk/medicine-tracking-system-rce-vulnerability-1f009165b915 https://vuldb.com/?ctiid.249137 https://vuldb.com/?id.249137 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7058 – SourceCodester Simple Student Attendance System path traversal
https://notcve.org/view.php?id=CVE-2023-7058
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. • https://github.com/laoquanshi/Simple-Student-Attendance-System https://vuldb.com/?ctiid.248749 https://vuldb.com/?id.248749 • CWE-24: Path Traversal: '../filedir' •