CVE-2024-7914 – SourceCodester Yoga Class Registration System SystemSettings.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7914
A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Wsstiger/cve/blob/main/Yoga_xss2.md https://vuldb.com/?ctiid.275040 https://vuldb.com/?id.275040 https://vuldb.com/?submit.392193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7853 – SourceCodester Yoga Class Registration System sql injection
https://notcve.org/view.php?id=CVE-2024-7853
A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/view_category. The manipulation of the argument id leads to sql injection. • https://vuldb.com/?id.274758 https://vuldb.com/?ctiid.274758 https://vuldb.com/?submit.391666 https://github.com/Wsstiger/cve/blob/main/Yoga_sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7852 – SourceCodester Yoga Class Registration System view_inquiry.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7852
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.274757 https://vuldb.com/?ctiid.274757 https://vuldb.com/?submit.391663 https://github.com/Wsstiger/cve/blob/main/Yoga_xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7851 – SourceCodester Yoga Class Registration System Add User Users.php improper authorization
https://notcve.org/view.php?id=CVE-2024-7851
A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. • https://vuldb.com/?id.274756 https://vuldb.com/?ctiid.274756 https://vuldb.com/?submit.391640 https://github.com/Wsstiger/cve/blob/main/Yoga_add.md • CWE-285: Improper Authorization •
CVE-2023-1722 – Yoga Class Registration System 1.0 - ATO
https://notcve.org/view.php?id=CVE-2023-1722
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. • https://fluidattacks.com/advisories/wyckoff https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html • CWE-352: Cross-Site Request Forgery (CSRF) •