CVE-2023-2670 – SourceCodester Lost and Found Information System access control
https://notcve.org/view.php?id=CVE-2023-2670
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. • https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2670.md https://vuldb.com/?ctiid.228886 https://vuldb.com/?id.228886 • CWE-284: Improper Access Control •
CVE-2023-2669 – SourceCodester Lost and Found Information System GET Parameter sql injection
https://notcve.org/view.php?id=CVE-2023-2669
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. • https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2669.md https://vuldb.com/?ctiid.228885 https://vuldb.com/?id.228885 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-2668 – SourceCodester Lost and Found Information System GET Parameter manager_category sql injection
https://notcve.org/view.php?id=CVE-2023-2668
A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. • https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2668.md https://vuldb.com/?ctiid.228884 https://vuldb.com/?id.228884 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-2667 – SourceCodester Lost and Found Information System cross site scripting
https://notcve.org/view.php?id=CVE-2023-2667
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2667.md https://vuldb.com/?ctiid.228883 https://vuldb.com/?id.228883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-2653 – SourceCodester Lost and Found Information System index.php sql injection
https://notcve.org/view.php?id=CVE-2023-2653
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md https://vuldb.com/?ctiid.228781 https://vuldb.com/?id.228781 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •