CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37857 – Lost and Found Information System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2024-37857
13 Jun 2024 — SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. Lost and Found Information System version 1.0 suffers from an unauthenticated blind boolean-based remote SQL injection vulnerability. • https://packetstorm.news/files/id/179080 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37859 – Lost and Found Information System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-37859
13 Jun 2024 — Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. Lost and Found Information System version 1.0 suffers from a reflective cross site scripting vulnerability. • https://packetstorm.news/files/id/179081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33676
https://notcve.org/view.php?id=CVE-2023-33676
07 Mar 2024 — Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution. Sourcecodester Lost and Found Information System's Version 1.0 es vulnerable a una inyección SQL no autenticada en "?page=items/view&id=*" que puede escalarse a la ejecución remota de comandos. • https://github.com/ASR511-OO7/CVE-2023-33676 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33677
https://notcve.org/view.php?id=CVE-2023-33677
06 Mar 2024 — Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". Sourcecodester Lost and Found Information System's Version 1.0 es vulnerable a una inyección SQL no autenticada en "?page=items/view&id=*". • https://github.com/ASR511-OO7/CVE-2023-33677 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •