CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22628
https://notcve.org/view.php?id=CVE-2024-22628
16 Jan 2024 — Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= Budget and Expense Tracker System v1.0 es vulnerable a la inyección SQL a través de /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= • https://github.com/GaoZzr/CVE_report/blob/main/budget-and-expense-tracker-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5286 – SourceCodester Expense Tracker App Category add_category.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5286
29 Sep 2023 — A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-44048
https://notcve.org/view.php?id=CVE-2023-44048
27 Sep 2023 — Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. La aplicación Sourcecodester Expense Tracker v1 es vulnerable a Cross Site Scripting (XSS) a través de la categoría "add". • https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App/tree/main • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2772 – SourceCodester Budget and Expense Tracker System GET Parameter manage_budget.php sql injection
https://notcve.org/view.php?id=CVE-2023-2772
17 May 2023 — A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/wucwu1/CVEApplication/blob/main/SQL.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1688 – SourceCodester Earnings and Expense Tracker App cross site scripting
https://notcve.org/view.php?id=CVE-2023-1688
29 Mar 2023 — A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. This affects an unknown part of the file Master.php?a=save_expense. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.224307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45033
https://notcve.org/view.php?id=CVE-2022-45033
15 Dec 2022 — A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. Una vulnerabilidad de Cross-Site Scripting (XSS) en Expense Tracker 1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el campo de texto del Chat. • https://github.com/cyb3r-n3rd/cve-request/blob/main/cve-poc-payload • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 1CVE-2021-40247
https://notcve.org/view.php?id=CVE-2021-40247
21 Jan 2022 — SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. Una vulnerabilidad de inyección SQL en Sourcecodester Budget and Expense Tracker System versión v1 por oretnom23, permite a atacantes ejecutar comandos SQL arbitrarios por medio del campo username • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/B%26E%20Tracker-by:oretnom23-v1.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 10%CPEs: 1EXPL: 2CVE-2021-41645
https://notcve.org/view.php?id=CVE-2021-41645
29 Oct 2021 — Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. . Se presenta una vulnerabilidad de Ejecución de Código Remota (RCE) en Sourcecodester Budget and Expense Tracker System versión 1.0, que permite a un usuario remoto malicioso inyectar código arbitrario por medio del campo image upload • https://github.com/hax3xploit/CVE-2021-41645 • CWE-434: Unrestricted Upload of File with Dangerous Type •