CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5581 – SourceCodester Medicine Tracker System index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5581
A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GodRone/MedicineTrackerSystem/blob/main/Medicine%20Tracker%20System_XSS.md https://vuldb.com/?ctiid.242146 https://vuldb.com/?id.242146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-38965 – Lost And Found Information System 1.0 Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2023-38965
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. Lost and Found Information System 1.0 permite la toma de control de cuentas mediante nombre de usuario y contraseña en un /classes/Users.php?f=save URI. Lost and Found Information System version 1.0 suffers from an insecure direct object reference vulnerability that allows for account takeover. • http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5423 – SourceCodester Online Pizza Ordering System sql injection
https://notcve.org/view.php?id=CVE-2023-5423
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. • https://vuldb.com/?ctiid.241384 https://vuldb.com/?id.241384 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5374 – SourceCodester Online Computer and Laptop Store products.php sql injection
https://notcve.org/view.php?id=CVE-2023-5374
A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Computer%20and%20Laptop%20Store%20System%20products.php%20has%20Sqlinjection.pdf https://vuldb.com/?ctiid.241255 https://vuldb.com/?id.241255 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5373 – SourceCodester Online Computer and Laptop Store Master.php register sql injection
https://notcve.org/view.php?id=CVE-2023-5373
A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Szlllc/Cve/blob/main/Computer%20and%20Laptop%20Store%20System%20Master.php%20has%20Sqlinjection.pdf https://vuldb.com/?ctiid.241254 https://vuldb.com/?id.241254 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •