CVE-2023-5286 – SourceCodester Expense Tracker App Category add_category.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5286
A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App https://vuldb.com/?ctiid.240914 https://vuldb.com/?id.240914 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-44048
https://notcve.org/view.php?id=CVE-2023-44048
Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. La aplicación Sourcecodester Expense Tracker v1 es vulnerable a Cross Site Scripting (XSS) a través de la categoría "add". • https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App/tree/main https://github.com/xcodeOn1/xcode0x-CVEs/blob/main/CVE/CVE-2023-44048.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-43457
https://notcve.org/view.php?id=CVE-2023-43457
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. Un problema en Service Provider Management System v.1.0 permite a un atacante remoto obtener privilegios a través del parámetro ID en el endpoint /php-spms/admin/?page=user/. • https://samh4cks.github.io/posts/cve-2023-43457 https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html https://www.sourcecodester.com/users/tips23 • CWE-269: Improper Privilege Management •
CVE-2023-43456
https://notcve.org/view.php?id=CVE-2023-43456
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint. Una vulnerabilidad de cross site scripting en Service Provider Management System v.1.0 permite a un atacante remoto ejecutar código arbitrario y obtener información sensible a través de los parámetros de nombre, segundo nombre y apellido en el endpoint /php-spms/admin/?page=user. • https://samh4cks.github.io/posts/cve-2023-43456 https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html https://www.sourcecodester.com/users/tips23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-30415 – Packers And Movers Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-30415
Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. Se descubrió que Sourcecodester Packers and Movers Management System v1.0 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /inquiries/view_inquiry.php. • http://packetstormsecurity.com/files/174758/Packers-And-Movers-Management-System-1.0-SQL-Injection.html https://robsware.github.io/2023/09/01/firstcve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •