CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5515 – SourceCodester Stock Management System createBrand.php sql injection
https://notcve.org/view.php?id=CVE-2024-5515
A vulnerability was found in SourceCodester Stock Management System 1.0. It has been classified as critical. Affected is an unknown function of the file createBrand.php. The manipulation of the argument brandName leads to sql injection. It is possible to launch the attack remotely. • https://github.com/HaojianWang/cve/issues/1 https://vuldb.com/?ctiid.266586 https://vuldb.com/?id.266586 https://vuldb.com/?submit.345714 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5437 – SourceCodester Simple Online Bidding System save_category cross site scripting
https://notcve.org/view.php?id=CVE-2024-5437
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. • https://github.com/pijiawei/CVE/blob/pijiawei-photo/SourceCodester%20Simple%20Online%20Bidding%20System%20XSS.md https://vuldb.com/?ctiid.266442 https://vuldb.com/?id.266442 https://vuldb.com/?submit.345066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5428 – SourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-5428
A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site request forgery. The attack can be launched remotely. • https://github.com/kaikai145154/CVE-CSRF/blob/main/SourceCodester%20Simple%20Online%20Bidding%20System%20CSRF.md https://vuldb.com/?ctiid.266383 https://vuldb.com/?id.266383 https://vuldb.com/?submit.345072 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5384 – SourceCodester Facebook News Feed Like index.php sql injection
https://notcve.org/view.php?id=CVE-2024-5384
A vulnerability classified as critical was found in SourceCodester Facebook News Feed Like 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to sql injection. The attack can be initiated remotely. VDB-266302 is the identifier assigned to this vulnerability. • https://vuldb.com/?ctiid.266302 https://vuldb.com/?id.266302 https://vuldb.com/?submit.344502 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5378 – SourceCodester School Intramurals Student Attendance Management System manage_sy.php sql injection
https://notcve.org/view.php?id=CVE-2024-5378
A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_sy.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. • https://github.com/GAO-UNO/cve/blob/main/sql2.md https://vuldb.com/?ctiid.266290 https://vuldb.com/?id.266290 https://vuldb.com/?submit.344411 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •