3482 matches found
CVE-2024-31610
File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file...
CVE-2024-31610
CVE-2024-31610 affects Code-Projects Simple School Management System v1.0. The issue is a File Upload vulnerability in the avatar upload function that allows an attacker to execute arbitrary code by uploading a crafted file. Reported metrics indicate a network attack vector with low privileges re...
CVE-2024-3369
CVE-2024-3369 affects code-projects Car Rental 1.0. The vulnerability is in add-vehicle.php, where manipulation of the Upload Image parameter enables unrestricted file upload. This can be exploited remotely and has been disclosed publicly, classed as critical with high impact to confidentiality, ...
Blood Bank 1.0 Cross Site Scripting
Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting XSS Date: 2023-11-14 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/11/BloodBankInPHPWithSourcecode.zip Version: 1.0...
Blood Bank v1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting XSS Date: 2023-11-14 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/11/BloodBankInPHPWithSourcecode.zip Version: 1.0...
CVE-2024-3004
A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit ha...
CVE-2024-3004 code-projects Online Book System Product.php cross site scripting
A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit ha...
CVE-2024-3004
CVE-2024-3004 affects code-projects Online Book System 1.0. The vulnerability arises from manipulation of an argument value in the file /Product.php , enabling cross-site scripting (XSS) . The issue is exploitable remotely, and the exploit has been disclosed publicly. Affected product/version: On...
CVE-2024-3003
A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The...
CVE-2024-3000
A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/loginusername/loginpassword leads to sql injection. The attack can be initiated remotely. Th...
CVE-2024-3001
A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-3003
CVE-2024-3003 affects code-projects Online Book System 1.0, where the /cart.php endpoint’s quantity/remove parameter is vulnerable to SQL injection due to lack of input validation. This can be exploited remotely and has been publicly disclosed, with VDB-258205 assigned. Multiple sources corrobora...
CVE-2024-3002
CVE-2024-3002 affects code-projects Online Book System 1.0. The vulnerability is in /description.php where the ID parameter is not validated, allowing remote SQL injection. Exploitation is possible remotely, and multiple sources note public disclosure. Documented impact is data theft/alteration r...
CVE-2024-3001
CVE-2024-3001 affects code-projects Online Book System 1.0. The vulnerability resides in the handling of a value passed to /Product.php, where input manipulation enables SQL injection. It can be exploited remotely without authentication and requires no user interaction. Public exploit information...
CVE-2024-3001 code-projects Online Book System Product.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-3000 code-projects Online Book System index.php sql injection
A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/loginusername/loginpassword leads to sql injection. The attack can be initiated remotely. Th...
CVE-2024-3000
The CVE-2024-3000 entry affects code-projects Online Book System 1.0, specifically the /index.php file. Vulnerable input points are username, password, login_username, and login_password, whose improper handling allows SQL injection. Exploitation is remote and the exploit has been publicly disclo...
PT-2024-23177 · Unknown · Code-Projects Online Book System
Name of the Vulnerable Software and Affected Versions: code-projects Online Book System version 1.0 Description: A critical vulnerability was found in the code-projects Online Book System. This issue affects the file /index.php and is related to the manipulation of the username, password, login...
CVE-2024-2927
A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploi...
CVE-2024-2927
CVE-2024-2927 affects code-projects Mobile Shop 1.0, specifically the Login Page’s Details.php. The vulnerability is a SQL injection triggered by manipulating the id parameter, with remote-exploitability and a critical impact profile per the sources. Multiple advisories (NVD, Red Hat CVE, CVE lis...