CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. Library Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • http://packetstormsecurity.com/files/160606/Library-Management-System-1.0-SQL-Injection.html • https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 7% • CPEs: 1 • EXPL: 1

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). • https://www.exploit-db.com/exploits/48928 • https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books. • https://github.com/Ko-kn3t/CVE-2020-25515 • http://simple.com • https://www.sourcecodester.com • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. • https://github.com/Ko-kn3t/CVE-2020-25514 • http://simple.com • https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Library Management System 1.0 has SQL Injection via the "Search for Books" screen. Library Management System version 1.0 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/149987/Library-Management-System-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')