CVE-2023-7055 – PHPGurukul Online Notes Sharing System Contact Information profile.php access control
https://notcve.org/view.php?id=CVE-2023-7055
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md
• https://vuldb.com/?ctiid.248742
• https://vuldb.com/?id.248742
• CWE-284: Improper Access Control
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2023-7054 – PHPGurukul Online Notes Sharing System add-notes.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-7054
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely.
• https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_malicious_fileupload.md
• https://vuldb.com/?ctiid.248741
• https://vuldb.com/?id.248741
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-7053 – PHPGurukul Online Notes Sharing System signup.php weak password
https://notcve.org/view.php?id=CVE-2023-7053
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely.
• https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_weakpass.md
• https://vuldb.com/?ctiid.248740
• https://vuldb.com/?id.248740
• CWE-521: Weak Password Requirements
CVE-2023-7052 – PHPGurukul Online Notes Sharing System profile.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-7052
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely.
• https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_profile_notes.md
• https://vuldb.com/?ctiid.248739
• https://vuldb.com/?id.248739
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-7051 – PHPGurukul Online Notes Sharing System manage-notes.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-7051
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_delete_notes.md
• https://vuldb.com/?ctiid.248738
• https://vuldb.com/?id.248738
• CWE-352: Cross-Site Request Forgery (CSRF)