CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40070
https://notcve.org/view.php?id=CVE-2024-40070
16 Apr 2025 — Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug6-File-upload-img2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40068
https://notcve.org/view.php?id=CVE-2024-40068
16 Apr 2025 — Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1. • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug5-SQL-Injection-id2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40074
https://notcve.org/view.php?id=CVE-2024-40074
16 Apr 2025 — Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'. • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug1-XSS-short_name.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40073
https://notcve.org/view.php?id=CVE-2024-40073
16 Apr 2025 — Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4. • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug4-SQL-Injection-template.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40071
https://notcve.org/view.php?id=CVE-2024-40071
16 Apr 2025 — Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug2-File-upload-img.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40069
https://notcve.org/view.php?id=CVE-2024-40069
16 Apr 2025 — Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'. • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug7-XSS-firstname-lastname.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40072
https://notcve.org/view.php?id=CVE-2024-40072
16 Apr 2025 — Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1. • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug3-SQL-Injection-id1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •