4 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. • https://github.com/qingning988/cve_report/blob/main/storage-unit-rental-management-system/RCE-1.md https://www.github.com • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/ret2hh/bug_report/blob/main/UPLOAD.md https://vuldb.com/?ctiid.223552 https://vuldb.com/?id.223552 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Sourcecodester Storage Unit Rental Management System PHP versión 8.0.10 , Apache 2.4.14, SURMS versión V1.0, por medio del formulario Add New Tenant List Rent List • https://cxsecurity.com/issue/WLB-2022090036 https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. Una vulnerabilidad de inyección SQL en Sourcecodester Storage Unit Rental Management System versión v1 by oretnom23, permite a atacantes ejecutar comandos SQL arbitrarios por medio del parámetro username en el archivo /storage/classes/Login.php • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-08-09072021 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •