3482 matches found
PT-2023-25781 · Code Projects · Code-Projects Gym Management System
Name of the Vulnerable Software and Affected Versions: Code-Projects Gym Management System version V1.0. Description: The issue allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This arises due to...
CVE-2023-37068
Code-Projects Gym Management System v1.0 is affected by a SQL injection in the login form caused by insufficient validation of username and password input. This vulnerability enables remote attackers to run arbitrary SQL commands, leading to unauthorized access and potential data manipulation. Ex...
CVE-2023-37627
CVE-2023-37627 affects Code-projects Online Restaurant Management System 1.0. The vulnerability is an SQL injection that can bypass the admin panel, allowing order records to be viewed and items to be added or deleted. Some connected data indicates a PoC exists, suggesting exploitation may be de...
CVE-2023-3339
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely...
CVE-2023-3339
CVE-2023-3339 affects code-projects Agro-School Management System 1.0, specifically the exam-delete.php functionality. The root cause is SQL injection triggered by manipulating the test_id parameter, allowing remote exploitation. Multiple sources confirm the impact as a database query manipulatio...
CVE-2023-3339 code-projects Agro-School Management System exam-delete.php sql injection
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely...
CVE-2023-3310 code-projects Agro-School Management System loaddata.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched...
Design/Logic Flaw
A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The...
CVE-2023-3274 code-projects Supplier Management System Picture btn_functions.php unrestricted upload
A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The...
CVE-2023-3094
The CVE-2023-3094 entry affects code-projects Agro-School Management System 1.0, with the doUpdateQuestion function in btn_functions.php vulnerable to SQL injection via the question_id parameter. Publicly disclosed exploit guidance is available, and remote access is possible. The issue is referen...
CVE-2023-3062
A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier o...
Cross site scripting
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated...
CVE-2023-3062 code-projects Agro-School Management System index.php sql injection
A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier o...
CVE-2023-3061 code-projects Agro-School Management System Attachment Image btn_functions.php unrestricted upload
A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated...
CVE-2023-3060 code-projects Agro-School Management System btn_functions.php doAddQuestion cross site scripting
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated...
CVE-2023-3060
CVE-2023-3060 affects code-projects’ Agro-School Management System 1.0, specifically the vulnerable function doAddQuestion in btn_functions.php. The issue arises from improper handling of the Question argument, enabling cross-site scripting (XSS). Exploitation is described as remote. Several conn...
Sql injection
A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2023-2951
The CVE-2023-2951 entry concerns code-projects Bus Dispatch and Information System 1.0. The vulnerability is a SQL injection in an unknown function within delete_bus.php caused by manipulated busid, enabling remote exploitation. Multiple sources confirm the impact and public disclosure of the exp...
CVE-2023-2774
A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file viewbranch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. Th...
Design/Logic Flaw
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability...