
CVE-2024-2351 – CodeAstro Ecommerce Site Search action.php sql injection
https://notcve.org/view.php?id=CVE-2024-2351
09 Mar 2024 — A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://docs.qq.com/doc/DYklCV0thWnRaaWpY • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-2333 – CodeAstro Membership Management System add_members.php sql injection
https://notcve.org/view.php?id=CVE-2024-2333
09 Mar 2024 — A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sxyrxyy/aiohttp-exploit-CVE-2024-23334-certstream • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-46497
https://notcve.org/view.php?id=CVE-2022-46497
07 Mar 2024 — Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php. • https://github.com/ASR511-OO7/CVE-2022-46497 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-46499
https://notcve.org/view.php?id=CVE-2022-46499
07 Mar 2024 — Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php. • https://github.com/ASR511-OO7/CVE-2022-46499 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-46498
https://notcve.org/view.php?id=CVE-2022-46498
07 Mar 2024 — Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php. • https://github.com/ASR511-OO7/CVE-2022-46498 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-2149 – CodeAstro Membership Management System settings.php sql injection
https://notcve.org/view.php?id=CVE-2024-2149
03 Mar 2024 — A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/JiaDongGao1/CVE_Hunter/blob/main/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-2076 – CodeAstro House Rental Management System tenant.php missing authentication
https://notcve.org/view.php?id=CVE-2024-2076
01 Mar 2024 — A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. • https://github.com/yoryio/CVE-2024-20767 • CWE-306: Missing Authentication for Critical Function

CVE-2024-25867
https://notcve.org/view.php?id=CVE-2024-25867
28 Feb 2024 — A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component. • https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-SQL_Injection_Add_Type.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-25866
https://notcve.org/view.php?id=CVE-2024-25866
28 Feb 2024 — A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component. • https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-SQL_Injection_Login.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-25868
https://notcve.org/view.php?id=CVE-2024-25868
28 Feb 2024 — A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component. • https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-Stored_XSS_Add_Type.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')