CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2058 – SourceCodester Petrol Pump Management Software product.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-2058
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md https://vuldb.com/?ctiid.255373 https://vuldb.com/?id.255373 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1972 – SourceCodester Online Job Portal EditProfile.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1972
A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://prnt.sc/gtk7Fj43Qwy9 https://vuldb.com/?ctiid.255128 https://vuldb.com/?id.255128 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1970 – SourceCodester Online Learning System V2 index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1970
A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/OnlineLearningSystemV2-XSS.md https://vuldb.com/?ctiid.255126 https://vuldb.com/?id.255126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1928 – SourceCodester Web-Based Student Clearance System Edit User Profile Page edit-admin.php sql injection
https://notcve.org/view.php?id=CVE-2024-1928
A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-admin.php of the component Edit User Profile Page. The manipulation of the argument Fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20XSS.md https://vuldb.com/?ctiid.254864 https://vuldb.com/?id.254864 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1927 – SourceCodester Web-Based Student Clearance System login.php sql injection
https://notcve.org/view.php?id=CVE-2024-1927
A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20SQLi.md https://vuldb.com/?ctiid.254863 https://vuldb.com/?id.254863 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •