CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3433 – PuneethReddyHC Event Management register.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-3433
A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. It is possible to launch the attack remotely. VDB-259614 is the identifier assigned to this vulnerability. • https://packetstormsecurity.com/files/177841/Event-Management-1.0-SQL-Injection.html https://vuldb.com/?ctiid.259614 https://vuldb.com/?id.259614 https://vuldb.com/?submit.307744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3432 – PuneethReddyHC Event Management register.php sql injection
https://notcve.org/view.php?id=CVE-2024-3432
A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be initiated remotely. • https://packetstormsecurity.com/files/177841/Event-Management-1.0-SQL-Injection.html https://vuldb.com/?ctiid.259613 https://vuldb.com/?id.259613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1102 – SourceCodester Royale Event Management System companyprofile.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-1102
A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability. • https://vuldb.com/?ctiid.195786 https://vuldb.com/?id.195786 https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1101 – SourceCodester Royale Event Management System userregister.php improper authentication
https://notcve.org/view.php?id=CVE-2022-1101
A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. • https://vuldb.com/?ctiid.195785 https://vuldb.com/?id.195785 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38323
https://notcve.org/view.php?id=CVE-2022-38323
Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Se ha detectado que Event Management System versión v1.0, contiene una vulnerabilidad de descarga de archivos arbitraria por medio del componente /Royal_Event/update_image.php. Esta vulnerabilidad permite a atacantes ejecutar código arbitrario por medio de un archivo PHP diseñado • https://github.com/Gsir97/bug_report/blob/main/vendors/Nikhil_B/event-management-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •