CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2483 – Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-2483
A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md https://vuldb.com/?ctiid.256889 https://vuldb.com/?id.256889 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2482 – Surya2Developer Hostel Management Service HTTP POST Request check_availability.php observable response discrepancy
https://notcve.org/view.php?id=CVE-2024-2482
A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. • https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md https://vuldb.com/?ctiid.256891 https://vuldb.com/?id.256891 • CWE-204: Observable Response Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2481 – Surya2Developer Hostel Management System manage-students.php access control
https://notcve.org/view.php?id=CVE-2024-2481
A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/afine-com/CVE-2024-24816 https://github.com/blackslim3/cve_sidequest/blob/main/poc/Broken_Access_Control%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md https://vuldb.com/?ctiid.256890 https://vuldb.com/?id.256890 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1971 – Surya2Developer Online Shopping System POST Parameter login.php sql injection
https://notcve.org/view.php?id=CVE-2024-1971
A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument password with the input nochizplz'+or+1%3d1+limit+1%23 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SQL%20Injection%20Auth.md https://vuldb.com/?ctiid.255127 https://vuldb.com/?id.255127 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •