CVE-2024-10742 – code-projects Wazifa System control.php sql injection
https://notcve.org/view.php?id=CVE-2024-10742
A vulnerability was found in code-projects Wazifa System 1.0 and classified as critical. This issue affects some unknown processing of the file /controllers/control.php. The manipulation of the argument to leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/xiaokka/cve/blob/main/sql.md https://vuldb.com/?ctiid.282911 https://vuldb.com/?id.282911 https://vuldb.com/?submit.436030 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10699 – code-projects Wazifa System logincontrol.php sql injection
https://notcve.org/view.php?id=CVE-2024-10699
A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. • https://code-projects.org https://github.com/lan041221/cve/blob/main/sql9.md https://vuldb.com/?ctiid.282867 https://vuldb.com/?id.282867 https://vuldb.com/?submit.435048 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •