CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43457
https://notcve.org/view.php?id=CVE-2023-43457
25 Sep 2023 — An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. Un problema en Service Provider Management System v.1.0 permite a un atacante remoto obtener privilegios a través del parámetro ID en el endpoint /php-spms/admin/?page=user/. • https://samh4cks.github.io/posts/cve-2023-43457 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30415 – Packers and Movers Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-30415
19 Sep 2023 — Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. Se descubrió que Sourcecodester Packers and Movers Management System v1.0 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /inquiries/view_inquiry.php. • https://packetstorm.news/files/id/174758 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5021 – SourceCodester AC Repair and Services System cross site scripting
https://notcve.org/view.php?id=CVE-2023-5021
17 Sep 2023 — A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.239862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5018 – SourceCodester Lost and Found Information System POST Parameter sql injection
https://notcve.org/view.php?id=CVE-2023-5018
17 Sep 2023 — A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.239859 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36159
https://notcve.org/view.php?id=CVE-2023-36159
03 Aug 2023 — Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. • https://github.com/unknown00759/CVE-2023-36159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3850 – SourceCodester Lost and Found Information System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3850
23 Jul 2023 — A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://vuldb.com/?ctiid.235201 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3680 – SourceCodester Lost and Found Information System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3680
15 Jul 2023 — A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.234225 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3679 – SourceCodester Lost and Found Information System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3679
15 Jul 2023 — A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. • https://vuldb.com/?ctiid.234224 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3678 – SourceCodester AC Repair and Services System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3678
15 Jul 2023 — A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. • https://vuldb.com/?ctiid.234223 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3661 – SourceCodester AC Repair and Services System sql injection
https://notcve.org/view.php?id=CVE-2023-3661
13 Jul 2023 — A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. • https://vuldb.com/?ctiid.234015 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •