CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-10355 – SourceCodester Petrol Pump Management Software invoice.php sql injection
https://notcve.org/view.php?id=CVE-2024-10355
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/K1nako0/CVE-2024-10355 https://github.com/K1nako0/tmp_vuln4/blob/main/README.md https://vuldb.com/?ctiid.281702 https://vuldb.com/?id.281702 https://vuldb.com/?submit.430077 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-10354 – SourceCodester Petrol Pump Management Software print.php sql injection
https://notcve.org/view.php?id=CVE-2024-10354
A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/K1nako0/CVE-2024-10354 https://github.com/K1nako0/tmp_vuln3/blob/main/README.md https://vuldb.com/?ctiid.281701 https://vuldb.com/?id.281701 https://vuldb.com/?submit.430074 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10353 – SourceCodester Online Exam System admin-dashboard access control
https://notcve.org/view.php?id=CVE-2024-10353
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1hEXfbOOkWdYzaSI6ORQvPGBtn09R12Ui/view?usp=drive_link https://vuldb.com/?ctiid.281700 https://vuldb.com/?id.281700 https://vuldb.com/?submit.427957 https://www.sourcecodester.com • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10349 – SourceCodester Best House Rental Management System ajax.php delete_tenant sql injection
https://notcve.org/view.php?id=CVE-2024-10349
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. • https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rentalmanagement-system1.md https://vuldb.com/?ctiid.281696 https://vuldb.com/?id.281696 https://vuldb.com/?submit.427472 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10348 – SourceCodester Best House Rental Management System Manage Tenant Details index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10348
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. • https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rental-management-system.md https://vuldb.com/?ctiid.281697 https://vuldb.com/?id.281697 https://vuldb.com/?submit.427471 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •