
CVE-2024-22628
https://notcve.org/view.php?id=CVE-2024-22628
16 Jan 2024 — Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= • https://github.com/GaoZzr/CVE_report/blob/main/budget-and-expense-tracker-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-2772 – SourceCodester Budget and Expense Tracker System GET Parameter manage_budget.php sql injection
https://notcve.org/view.php?id=CVE-2023-2772
17 May 2023 — A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/wucwu1/CVEApplication/blob/main/SQL.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-40247
https://notcve.org/view.php?id=CVE-2021-40247
21 Jan 2022 — SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username field. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/B%26E%20Tracker-by:oretnom23-v1.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-41645
https://notcve.org/view.php?id=CVE-2021-41645
29 Oct 2021 — A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. • https://github.com/hax3xploit/CVE-2021-41645 • CWE-434: Unrestricted Upload of File with Dangerous Type •