CVE-2024-5047 – SourceCodester Student Management System controller.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-5047
A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/I-Schnee-I/cev/blob/main/SourceCodester%20Student%20Management%20System%201.0%20controller.php%20Unrestricted%20Upload.md https://vuldb.com/?ctiid.264744 https://vuldb.com/?id.264744 https://vuldb.com/?submit.335633 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-5046 – SourceCodester Online Examination System registeracc.php SQL injection
https://notcve.org/view.php?id=CVE-2024-5046
A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to SQL injection. The attack may be initiated remotely. • https://github.com/CveSecLook/cve/issues/32 https://vuldb.com/?ctiid.264743 https://vuldb.com/?id.264743 https://vuldb.com/?submit.335527 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5045 – SourceCodester Online Birth Certificate Management System admin file access
https://notcve.org/view.php?id=CVE-2024-5045
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. • https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md https://vuldb.com/?ctiid.264742 https://vuldb.com/?id.264742 https://vuldb.com/?submit.335384 • CWE-552: Files or Directories Accessible to External Parties
CVE-2024-4968 – SourceCodester Interactive Map with Marker Add Marker Marker Name cross-site scripting
https://notcve.org/view.php?id=CVE-2024-4968
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Marker Name of the component Add Marker. The manipulation leads to cross-site scripting. The attack may be launched remotely. • https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20Cross-Site-Scripting.md https://vuldb.com/?ctiid.264536 https://vuldb.com/?id.264536 https://vuldb.com/?submit.335191 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4967 – SourceCodester Interactive Map with Marker delete-mark.php SQL injection
https://notcve.org/view.php?id=CVE-2024-4967
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to SQL injection. The attack can be launched remotely. • https://github.com/BurakSevben/CVEs/blob/main/Interactive%20Map%20App/Interactive%20Map%20App%20-%20SQL%20Injection.md https://vuldb.com/?ctiid.264535 https://vuldb.com/?id.264535 https://vuldb.com/?submit.335190 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')