
663 matches found

CVE
added 2024/09/12 2:31 a.m. | 50 views

CVE-2024-8709

CVE-2024-8709 affects SourceCodester Best House Rental Management System 1.0. The vulnerable component is the delete_user/save_user function in /admin_class.php, where manipulating the id parameter causes SQL injection. This allows remote exploitation; public exploit info exists. Remediation guid...

CVSS 8.8 | AI score 7.1 | EPSS 0.00601
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/09/12 12:31 a.m. | 10 views

CVE-2024-8707 云课网络科技有限公司 Yunke Online School System Appadmin.php downfile path traversal

A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can...

CVSS 5.3 | AI score 6.9 | EPSS 0.00535
Exploits: 0 | References: 4

NVD
added 2024/09/11 9:15 p.m. | 21 views

CVE-2024-8694

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is...

CVSS 5.1 | EPSS 0.00792
Exploits: 1 | References: 5

NVD
added 2024/09/09 9:15 p.m. | 20 views

CVE-2024-8611

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has...

CVSS 9.8 | EPSS 0.00709
Exploits: 1 | References: 5

Cvelist
added 2024/09/08 10:0 p.m. | 26 views

CVE-2024-8583 SourceCodester Online Bank Management System Feedback mfeedback.php cross site scripting

A vulnerability was found in SourceCodester Online Bank Management System and Online Bank Management System - 1.0. It has been classified as problematic. This affects an unknown part of the file /mfeedback.php of the component Feedback Handler. The manipulation leads to cross site scripting. It i...

CVSS 5.3 | EPSS 0.00422
Exploits: 1 | References: 5

OSV
added 2024/09/08 7:15 a.m. | 5 views

CVE-2024-8570

A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit ha...

CVSS 9.8 | AI score 5.8 | EPSS 0.00576
Exploits: 1 | References: 5

OSV
added 2024/09/08 5:15 a.m. | 5 views

CVE-2024-8569

A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file user-login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely...

CVSS 9.8 | AI score 5.8 | EPSS 0.00809
Exploits: 1 | References: 5

CVE
added 2024/09/07 8:0 p.m. | 53 views

CVE-2024-8563

CVE-2024-8563 affects SourceCodester PHP CRUD 1.0. The issue is an XSS vulnerability in /endpoint/update.php, triggered by manipulating the parameters first_name, middle_name, or last_name. Exploitation can be performed remotely and the exploit has been disclosed publicly. Root cause: imprope...

CVSS 6.1 | AI score 4.2 | EPSS 0.00378
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2024/09/04 2:0 p.m. | 22 views

CVE-2024-8407 alwindoss akademy handlers.go cross site scripting

A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of the argument emailAddress leads to cross...

CVSS 5.3 | EPSS 0.00449
Exploits: 1 | References: 4

CVE
added 2024/08/30 9:31 p.m. | 58 views

CVE-2024-8347

CVE-2024-8347 affects SourceCodester Computer Laboratory Management System 1.0. The vulnerable component is the delete_record function in /classes/Master.php?f=delete_record, where manipulation of the id parameter leads to SQL injection. The issue enables remote exploitation and the exploit has b...

CVSS 9.8 | AI score 7.1 | EPSS 0.0059
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/08/30 4:15 p.m. | 21 views

CVE-2024-8342

A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/addclient.php. The manipulation of the argument imageprofile leads to unrestricted upload. The attack may be...

CVSS 8.8 | EPSS 0.00643
Exploits: 1 | References: 5

Vulnrichment
added 2024/08/30 3:0 p.m. | 19 views

CVE-2024-8341 SourceCodester Petshop Management System add_user.php unrestricted upload

A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/adduser.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit h...

CVSS 6.5 | AI score 7.1 | EPSS 0.00721
Exploits: 1 | References: 5

Cvelist
added 2024/08/30 11:0 a.m. | 27 views

CVE-2024-8331 OpenRapid RapidCMS user-move-run.php sql injection

A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit ha...

CVSS 6.5 | EPSS 0.0058
Exploits: 1 | References: 4

Vulnrichment
added 2024/08/26 4:0 p.m. | 12 views

CVE-2024-8173 code-projects Blood Bank System Login Page login.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file /login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 7.5 | AI score 7.3 | EPSS 0.00668
Exploits: 1 | References: 5

CVE
added 2024/08/22 10:31 p.m. | 61 views

CVE-2024-8086

SourceCodester E-Commerce System 1.0 Admin Login page (/ecommerce/admin/login.php) is affected by SQL injection via the user_email parameter. The vulnerability enables remote exploitation; multiple sources confirm the issue and public disclosure. Concrete remediation/version details are not provi...

CVSS 9.8 | AI score 7.5 | EPSS 0.00689
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2024/08/22 9:31 p.m. | 29 views

CVE-2024-8081 itsourcecode Payroll Management System login.php sql injection

A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has...

CVSS 7.5 | EPSS 0.00606
Exploits: 1 | References: 5

NVD
added 2024/08/20 1:15 a.m. | 20 views

CVE-2024-7943

A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The...

CVSS 8.8 | EPSS 0.00697
Exploits: 1 | References: 4

Cvelist
added 2024/08/19 6:0 p.m. | 28 views

CVE-2024-7924 ZZCMS list.php path traversal

A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...

CVSS 6.9 | EPSS 0.0142
Exploits: 1 | References: 4

NVD
added 2024/08/19 12:15 a.m. | 16 views

CVE-2024-7919

A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The...

CVSS 9.8 | EPSS 0.0113
Exploits: 1 | References: 4

NVD
added 2024/08/15 11:15 p.m. | 17 views

CVE-2024-7844

A vulnerability has been found in SourceCodester Online Graduate Tracer System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/admin/addacc.php. The manipulation of the argument name/user/position leads to cross site scripting. T...

CVSS 5.4 | EPSS 0.00451
Exploits: 1 | References: 4