CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2393 – SourceCodester CRUD without Page Reload add_user.php sql injection
https://notcve.org/view.php?id=CVE-2024-2393
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. • https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md https://vuldb.com/?ctiid.256453 https://vuldb.com/?id.256453 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1215 – SourceCodester CRUD without Page Reload fetch_data.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1215
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. • https://github.com/PrecursorYork/crud-without-refresh-reload-Reflected_XSS-POC/blob/main/README.md https://vuldb.com/?ctiid.252782 https://vuldb.com/?id.252782 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •