CVE-2024-0543 – CodeAstro Real Estate Management System propertydetail.php sql injection
https://notcve.org/view.php?id=CVE-2024-0543
A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing
• https://vuldb.com/?ctiid.250713
• https://vuldb.com/?id.250713
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0424 – CodeAstro Simple Banking System Create a User Page createuser.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0424
A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing
• https://vuldb.com/?ctiid.250443
• https://vuldb.com/?id.250443
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0423 – CodeAstro Online Food Ordering System dishes.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0423
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely.
• https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing
• https://vuldb.com/?ctiid.250442
• https://vuldb.com/?id.250442
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0422 – CodeAstro POS and Inventory Management System New Item Creation Page new_item cross site scripting
https://notcve.org/view.php?id=CVE-2024-0422
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /new_item of the component New Item Creation Page. The manipulation of the argument new_item leads to cross site scripting. The attack can be launched remotely.
• https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing
• https://vuldb.com/?ctiid.250441
• https://vuldb.com/?id.250441
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0194 – CodeAstro Internet Banking System Profile Picture pages_account.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-0194
A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing
• https://vuldb.com/?ctiid.249509
• https://vuldb.com/?id.249509
• CWE-434: Unrestricted Upload of File with Dangerous Type