CVE-2023-2643 – SourceCodester File Tracker Manager System POST Parameter update_password.php sql injection
https://notcve.org/view.php?id=CVE-2023-2643
A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/update_password.php of the component POST Parameter Handler. The manipulation of the argument new_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GZRsecurity/cve/blob/main/SQLi.md https://vuldb.com/?ctiid.228772 https://vuldb.com/?id.228772 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-23676 – WordPress File Gallery Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23676
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3 versions. The File Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘file_gallery_shortcode’ function in versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/file-gallery/wordpress-file-gallery-plugin-1-8-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-27245
https://notcve.org/view.php?id=CVE-2023-27245
A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module. • https://github.com/flyasolo/File-Management-System • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1302 – SourceCodester File Tracker Manager System borrow1.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-1302
A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/godownio/bug_report/blob/main/vendors/hemedy99/File%20Tracker%20Manager%20System/XSS-1.md https://vuldb.com/?ctiid.222663 https://vuldb.com/?id.222663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1294 – SourceCodester File Tracker Manager System POST Parameter login.php sql injection
https://notcve.org/view.php?id=CVE-2023-1294
A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. • https://github.com/godownio/bug_report/blob/main/vendors/hemedy99/File%20Tracker%20Manager%20System/SQLi-1.md https://vuldb.com/?ctiid.222648 https://vuldb.com/?id.222648 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •