CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8348 – SourceCodester Computer Laboratory Management System Master.php delete_category sql injection
https://notcve.org/view.php?id=CVE-2024-8348
30 Aug 2024 — A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. • https://github.com/gaorenyusi/gaorenyusi/blob/main/lms3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8347 – SourceCodester Computer Laboratory Management System Master.php delete_record sql injection
https://notcve.org/view.php?id=CVE-2024-8347
30 Aug 2024 — A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://github.com/gaorenyusi/gaorenyusi/blob/main/lms2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8346 – SourceCodester Computer Laboratory Management System SystemSettings.php update_settings_info sql injection
https://notcve.org/view.php?id=CVE-2024-8346
30 Aug 2024 — A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. • https://github.com/gaorenyusi/gaorenyusi/blob/main/lms1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34479
https://notcve.org/view.php?id=CVE-2024-34479
07 Aug 2024 — SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. • https://cxsecurity.com/issue/WLB-2024080004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34480
https://notcve.org/view.php?id=CVE-2024-34480
07 Aug 2024 — SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. • https://cxsecurity.com/issue/WLB-2024080003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-41332 – Computer Laboratory Management System 1.0 Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-41332
02 Aug 2024 — Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories. Computer Laboratory Management System version 1.0 suffers from an incorrect access control that allows for privilege escalation. • https://packetstorm.news/files/id/179890 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31586
https://notcve.org/view.php?id=CVE-2024-31586
20 Jun 2024 — A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. Existe una vulnerabilidad de Cross Site Scripting (XSS) en la versión 1.0 de Computer Laboratory Management System. Esta vulnerabilidad permite a un atacante remoto ejecutar código arbitrario a través de los parámetros Nombre del prestatario, Departamento y Comentarios. • https://github.com/CyberSentryX/CVE_Hunting/tree/main/CVE-2024-31586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31545
https://notcve.org/view.php?id=CVE-2024-31545
22 Apr 2024 — Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. Computer Laboratory Management System v1.0 es vulnerable a la inyección SQL a través del parámetro "id" de /admin/?page=user/manage_user&id=6. • https://github.com/emirhanmtl/vuln-research/blob/main/SQLi-4-Computer-Laboratory-Management-System-PoC.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31546
https://notcve.org/view.php?id=CVE-2024-31546
19 Apr 2024 — Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. Computer Laboratory Management System v1.0 es vulnerable a la inyección SQL a través del parámetro "id" de /admin/damage/view_damage.php. • https://github.com/emirhanmtl/vuln-research/blob/main/SQLi-2-Computer-Laboratory-Management-System-PoC.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3695 – SourceCodester Computer Laboratory Management System Users.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-3695
12 Apr 2024 — A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Computer%20Laboratory%20Management%20System%20using%20PHP%20and%20MySQL%20-%20vuln%202.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •