
CVE-2024-50766
https://notcve.org/view.php?id=CVE-2024-50766
07 Nov 2024 — SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter. • https://medium.com/%40luisgerardomoret_69654/sql-injection-in-survey-application-system-cve-2024-50766-8ed81426ca6e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-10559 – SourceCodester Airport Booking Management System details buffer overflow
https://notcve.org/view.php?id=CVE-2024-10559
31 Oct 2024 — A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function details of the component Passport Number Handler. The manipulation leads to buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/CveSecLook/cve/issues/64 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-51430
https://notcve.org/view.php?id=CVE-2024-51430
31 Oct 2024 — Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component. • https://github.com/BLACK-SCORP10/CVE-2024-51430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-10450 – SourceCodester Kortex Lite Advocate Office Management System POST Parameter edit_profile.php sql injection
https://notcve.org/view.php?id=CVE-2024-10450
28 Oct 2024 — A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/Advocate-office-management-system.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-10422 – SourceCodester Attendance and Payroll System overtime_add.php sql injection
https://notcve.org/view.php?id=CVE-2024-10422
27 Oct 2024 — A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtime_add.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/K1nako0/tmp_vuln14/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-10421 – SourceCodester Attendance and Payroll System overtime_row.php sql injection
https://notcve.org/view.php?id=CVE-2024-10421
27 Oct 2024 — A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/K1nako0/tmp_vuln13/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-10420 – SourceCodester Attendance and Payroll System update.php upload unrestricted upload
https://notcve.org/view.php?id=CVE-2024-10420
27 Oct 2024 — A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/K1nako0/tmp_vuln12/blob/main/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-10413 – SourceCodester Online Hotel Reservation System update.php upload unrestricted upload
https://notcve.org/view.php?id=CVE-2024-10413
27 Oct 2024 — A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/K1nako0/tmp_vuln11/blob/main/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-10411 – SourceCodester Online Hotel Reservation System controller.php doCheckout sql injection
https://notcve.org/view.php?id=CVE-2024-10411
27 Oct 2024 — A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://github.com/K1nako0/tmp_vuln10/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-10410 – SourceCodester Online Hotel Reservation System controller.php upload unrestricted upload
https://notcve.org/view.php?id=CVE-2024-10410
27 Oct 2024 — A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. • https://github.com/K1nako0/CVE-2024-10410 • CWE-434: Unrestricted Upload of File with Dangerous Type •