CVE-2024-2394 – SourceCodester Employee Management System add-admin.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-2394
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. • https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md https://vuldb.com/?ctiid.256454 https://vuldb.com/?id.256454 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-2393 – SourceCodester CRUD without Page Reload add_user.php SQL injection
https://notcve.org/view.php?id=CVE-2024-2393
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to SQL injection. The attack can be launched remotely. • https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md https://vuldb.com/?ctiid.256453 https://vuldb.com/?id.256453 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2332 – SourceCodester Online Mobile Management Store HTTP GET Request manage_category.php SQL injection
https://notcve.org/view.php?id=CVE-2024-2332
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. • https://github.com/vanitashtml/CVE-Dumps/blob/main/Blind%20SQL%20Injection%20Manage%20Category%20-%20Mobile%20Management%20Store.md https://vuldb.com/?ctiid.256283 https://vuldb.com/?id.256283 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2331 – SourceCodester Tourist Reservation System System.cpp ad_writedata buffer overflow
https://notcve.org/view.php?id=CVE-2024-2331
A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. • https://github.com/wkeyi0x1/vul-report/blob/main/Tourist%20Reservation%20System%20using%20C%2B%2B%20with%20Free%20Source%20Code/buffer-overflow-1.md https://vuldb.com/?ctiid.256282 https://vuldb.com/?id.256282 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-2168 – SourceCodester Online Tours & Travels Management System HTTP POST Request expense_category.php SQL injection
https://notcve.org/view.php?id=CVE-2024-2168
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expense_category.php of the component HTTP POST Request Handler. The manipulation of the argument status leads to SQL injection. It is possible to launch the attack remotely. • https://github.com/W01fh4cker/CVE-2024-21683-RCE https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server https://github.com/xh4vm/CVE-2024-21683 https://github.com/phucrio/CVE-2024-21683-RCE https://vuldb.com/?ctiid.255678 https://vuldb.com/?id.255678 https://www.yuque.com/mailemonyeyongjuan/nekc0f/uoobn101h48xv6ih • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')