CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37856 – Lost and Found Information System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-37856
13 Jun 2024 — Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. Lost and Found Information System version 1.0 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/179078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33677
https://notcve.org/view.php?id=CVE-2023-33677
06 Mar 2024 — Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". Sourcecodester Lost and Found Information System's Version 1.0 es vulnerable a una inyección SQL no autenticada en "?page=items/view&id=*". • https://github.com/ASR511-OO7/CVE-2023-33677 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2023-38965 – Lost and Found Information System 1.0 Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2023-38965
12 Oct 2023 — Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. Lost and Found Information System 1.0 permite la toma de control de cuentas mediante nombre de usuario y contraseña en un /classes/Users.php?f=save URI. Lost and Found Information System version 1.0 suffers from an insecure direct object reference vulnerability that allows for account takeover. • https://packetstorm.news/files/id/175077 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5018 – SourceCodester Lost and Found Information System POST Parameter sql injection
https://notcve.org/view.php?id=CVE-2023-5018
17 Sep 2023 — A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.239859 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36159
https://notcve.org/view.php?id=CVE-2023-36159
03 Aug 2023 — Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. • https://github.com/unknown00759/CVE-2023-36159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3850 – SourceCodester Lost and Found Information System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3850
23 Jul 2023 — A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://vuldb.com/?ctiid.235201 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3680 – SourceCodester Lost and Found Information System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3680
15 Jul 2023 — A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.234225 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3679 – SourceCodester Lost and Found Information System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3679
15 Jul 2023 — A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. • https://vuldb.com/?ctiid.234224 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 11%CPEs: 1EXPL: 4CVE-2023-33592 – Lost and Found Information System v1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2023-33592
28 Jun 2023 — Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/173331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3177 – SourceCodester Lost and Found Information System view_inquiry.php sql injection
https://notcve.org/view.php?id=CVE-2023-3177
09 Jun 2023 — A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •