CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0294 – SourceCodester Home Clean Services Management System process.php sql injection
https://notcve.org/view.php?id=CVE-2025-0294
07 Jan 2025 — A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation of the argument type/length/business leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiaosguang/cve/blob/main/Home%20Clean%20Services%20Management/Home%20Clean%20Services%20Management%20System%20process.php%20id%20SQL%20injection.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1840 – Home Clean Services Management System cross site scripting
https://notcve.org/view.php?id=CVE-2022-1840
24 May 2022 — A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/Home%20Clean%20Services%20Management%20System%20Stored%20Cross-Site%20Scripting%28XSS%29.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1839 – Home Clean Services Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2022-1839
24 May 2022 — A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_login_email_SQL_injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1838 – Home Clean Services Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2022-1838
24 May 2022 — A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_admin_SQL_Inject.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 1CVE-2022-1837 – Home Clean Services Management System unrestricted upload
https://notcve.org/view.php?id=CVE-2022-1837
24 May 2022 — A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <? • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Home%20Clean%20Services%20Management%20System/HCS_add_register.php_File_Upload_Getshell.md • CWE-434: Unrestricted Upload of File with Dangerous Type •