CVE-2024-11247 – SourceCodester Online Eyewear Shop Inventory Page Master.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11247
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross-site scripting. The attack can be launched remotely.
References:
• https://github.com/Fl4g-Pshacker/cve/blob/main/xss.md
• https://vuldb.com/?ctiid.284683
• https://vuldb.com/?id.284683
• https://vuldb.com/?submit.443194
• https://www.sourcecodester.com
Weaknesses:
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-9974 – SourceCodester Online Eyewear Shop POST Request Master.php sql injection
https://notcve.org/view.php?id=CVE-2024-9974
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The manipulation of the argument product_id leads to SQL injection.
References:
• https://gist.github.com/higordiego/2373b9e3e89f03e5f8888efd38eb4b48
• https://vuldb.com/?ctiid.280339
• https://vuldb.com/?id.280339
• https://vuldb.com/?submit.423231
• https://www.sourcecodester.com
Weaknesses:
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9973 – SourceCodester Online Eyewear Shop Report Viewing Page page sql injection
https://notcve.org/view.php?id=CVE-2024-9973
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to SQL injection.
References:
• https://gist.github.com/higordiego/b9699573de61b26f2290e69f38d23fd0
• https://vuldb.com/?ctiid.280338
• https://vuldb.com/?id.280338
• https://vuldb.com/?submit.423167
• https://www.sourcecodester.com
Weaknesses:
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9952 – SourceCodester Online Eyewear Shop Contact Information Page contact_info cross site scripting
https://notcve.org/view.php?id=CVE-2024-9952
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the component Contact Information Page. The manipulation of the argument Address leads to cross-site scripting. The attack may be initiated remotely.
References:
• https://gist.github.com/higordiego/bedd395e74a335f0145872c96d7cb92d
• https://vuldb.com/?ctiid.280319
• https://vuldb.com/?id.280319
• https://vuldb.com/?submit.423229
• https://www.sourcecodester.com
Weaknesses:
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9906 – SourceCodester Online Eyewear Shop cross site scripting
https://notcve.org/view.php?id=CVE-2024-9906
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross-site scripting. It is possible to launch the attack remotely.
References:
• https://gist.github.com/higordiego/1c1e1709a6832cb63bbe9e9328f55ff9
• https://vuldb.com/?ctiid.280182
• https://vuldb.com/?id.280182
• https://vuldb.com/?submit.422612
• https://www.sourcecodester.com
Weaknesses:
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')