CVE-2024-6440 – SourceCodester Home Owners Collection Management System SQL injection
https://notcve.org/view.php?id=CVE-2024-6440
02 Jul 2024 — A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to SQL injection. • https://github.com/reverseD0G/cve/blob/main/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6439 – SourceCodester Home Owners Collection Management System unrestricted upload
https://notcve.org/view.php?id=CVE-2024-6439
02 Jul 2024 — A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. • https://github.com/GAO-UNO/cve/blob/main/upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-28078
https://notcve.org/view.php?id=CVE-2022-28078
11 May 2022 — Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. • https://github.com/bigzooooz/CVE-2022-28078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-28077
https://notcve.org/view.php?id=CVE-2022-28077
11 May 2022 — Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter. • https://github.com/bigzooooz/CVE-2022-28077 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-28414
https://notcve.org/view.php?id=CVE-2022-28414
21 Apr 2022 — Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Home-Owners-Collection-Management/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28415
https://notcve.org/view.php?id=CVE-2022-28415
21 Apr 2022 — Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Home-Owners-Collection-Management/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28416
https://notcve.org/view.php?id=CVE-2022-28416
21 Apr 2022 — Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Home-Owners-Collection-Management/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28417
https://notcve.org/view.php?id=CVE-2022-28417
21 Apr 2022 — Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Home-Owners-Collection-Management/SQLi-4.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-25115
https://notcve.org/view.php?id=CVE-2022-25115
02 Mar 2022 — A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Home-Owners-Collection-Management • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-25045
https://notcve.org/view.php?id=CVE-2022-25045
02 Mar 2022 — Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel. • https://github.com/VivekPanday12/CVE-/issues/6 • CWE-798: Use of Hard-coded Credentials