CVE-2023-1858 – SourceCodester Earnings and Expense Tracker App index.php information disclosure
https://notcve.org/view.php?id=CVE-2023-1858
A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.224997 https://vuldb.com/?id.224997 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-1785 – SourceCodester Earnings and Expense Tracker App manage_user.php sql injection
https://notcve.org/view.php?id=CVE-2023-1785
A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://github.com/web-zxl/img/blob/main/4.png https://vuldb.com/?ctiid.224700 https://vuldb.com/?id.224700 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-1690 – SourceCodester Earnings and Expense Tracker App cross site scripting
https://notcve.org/view.php?id=CVE-2023-1690
A vulnerability, which was classified as problematic, has been found in SourceCodester Earnings and Expense Tracker App 1.0. This issue affects some unknown processing of the file LoginRegistration.php?a=register_user. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.224309 https://vuldb.com/?id.224309 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1689 – SourceCodester Earnings and Expense Tracker App cross site scripting
https://notcve.org/view.php?id=CVE-2023-1689
A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. This vulnerability affects unknown code of the file Master.php?a=save_earning. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. • https://vuldb.com/?ctiid.224308 https://vuldb.com/?id.224308 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •