
2218 matches found

CVE
added 2024/09/19 11:31 p.m. | 53 views

CVE-2024-9009

CVE-2024-9009 affects code-projects Online Quiz Site 1.0; the vulnerability is in showtest.php where the subid parameter is manipulated to cause SQL injection. Root cause is unsafe handling of user input in subid, enabling remote exploitation with potential impact on confidentiality, integrity, a...

CVSS 9.8 | AI score 7.1 | EPSS 0.00105
Exploits: 1 | References: 5 | Affected Software: 1

VulnCheck KEV
added 2024/09/18 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2023-4166

A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/sealmanage/dianju/deletelog.php. The manipulation of the argument DELETESTR leads to sql injection. The exploit has been disclosed to the public and may be...

CVSS 9.8 | AI score 6.9 | EPSS 0.87968
Exploits: 2 | References: 1

CVE
added 2024/09/17 6:0 p.m. | 48 views

CVE-2024-8944

CVE-2024-8944 affects code-projects Hospital Management System 1.0. The vulnerability is a SQL injection in the file check_availability.php caused by improper validation of the email parameter; exploitation is possible remotely over the network. Multiple connected sources corroborate this, with c...

CVSS 9.8 | AI score 7.7 | EPSS 0.00318
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2024/09/15 3:0 a.m. | 53 views

CVE-2024-8868

CVE-2024-8868 affects code-projects Crud Operation System 1.0. The vulnerability is a SQL injection in the savedata.php processing path, triggered by manipulating the sname parameter. Impact is described as critical, with remote attack capability and publicly disclosed exploit. Affected component...

CVSS 9.8 | AI score 7.7 | EPSS 0.00318
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/09/14 8:15 p.m. | 15 views

CVE-2024-8862

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be...

CVSS 9.8 | EPSS 0.01574
Exploits: 1 | References: 4

NVD
added 2024/09/13 6:15 p.m. | 13 views

CVE-2024-8782

A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the publ...

CVSS 9.8 | EPSS 0.00115
Exploits: 1 | References: 5

NVD
added 2024/09/12 4:15 a.m. | 10 views

CVE-2024-8711

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be...

CVSS 7.5 | EPSS 0.00193
Exploits: 1 | References: 5

CVE
added 2024/09/12 3:0 a.m. | 38 views

CVE-2024-8710

CVE-2024-8710 affects code-projects Inventory Management 1.0. The vulnerability is a SQL injection in the file /model/viewProduct.php, via the id parameter, which can be exploited remotely. Multiple sources confirm this is a critical issue with high impact on confidentiality, integrity, and avail...

CVSS 8.8 | AI score 7.1 | EPSS 0.00106
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2024/09/11 11:31 p.m. | 21 views

CVE-2024-8706 JFinalCMS com.cms.util.TemplateUtils update path traversal

A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to...

CVSS 5.3 | EPSS 0.01051
Exploits: 1 | References: 5

OSV
added 2024/09/09 4:15 p.m. | 1 view

CVE-2024-8605

A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input alert1 leads to cross site scripting. The attack can be...

CVSS 5.4 | AI score 3.7
Exploits: 0 | References: 5

CVE
added 2024/09/08 10:0 p.m. | 64 views

CVE-2024-8583

CVE-2024-8583 concerns SourceCodester’s Online Bank Management System (1.0). The vulnerability affects an unknown portion of the file /mfeedback.php in the Feedback Handler, where input manipulation leads to cross-site scripting (XSS). It can be exploited remotely, and public disclosures/poC refe...

CVSS 5.4 | AI score 4 | EPSS 0.00131
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2024/09/07 10:31 p.m. | 46 views

CVE-2024-8565

CVE-2024-8565 is a SQL injection vulnerability in SourceCodester Clinics Patient Management System 2.0. The flaw resides in the /print_diseases.php endpoint, where manipulating the parameters disease/from/to enables remote exploitation. The issue affects processing of that file and is described ...

CVSS 9.8 | AI score 7.7 | EPSS 0.00104
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/09/07 7:0 p.m. | 11 views

CVE-2024-8562 SourceCodester PHP CRUD Add.php cross site scripting

A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument firstname/middlename/lastname leads to cross site scripting. The attack may be launched...

CVSS 5.3 | AI score 6.3 | EPSS 0.00127
Exploits: 0 | References: 3

CVE
added 2024/09/07 1:31 p.m. | 45 views

CVE-2024-8554

CVE-2024-8554 affects SourceCodester Clinics Patient Management System 2.0. The vulnerable component is the /users.php file, where manipulating the message parameter yields cross-site scripting. The issue enables remote exploitation and the exploit has been disclosed publicly. Public-facing explo...

CVSS 5.4 | AI score 4 | EPSS 0.00122
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/09/04 4:31 p.m. | 16 views

CVE-2024-8414 SourceCodester Insurance Management System cross-site request forgery

A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to...

CVSS 6.9 | AI score 7 | EPSS 0.00149
Exploits: 1 | References: 5

NVD
added 2024/08/31 6:15 p.m. | 19 views

CVE-2024-8366

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input alert...

CVSS 6.9 | EPSS 0.00105
Exploits: 0 | References: 4

Cvelist
added 2024/08/30 9:31 p.m. | 16 views

CVE-2024-8347 SourceCodester Computer Laboratory Management System Master.php delete_record sql injection

A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function deleterecord of the file /classes/Master.php?f=deleterecord. The manipulation of the argument id leads to sql injection. The attack can be...

CVSS 6.5 | EPSS 0.00225
Exploits: 1 | References: 5

NVD
added 2024/08/30 5:15 p.m. | 14 views

CVE-2024-8345

A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...

CVSS 9.8 | EPSS 0.00104
Exploits: 1 | References: 5

Vulnrichment
added 2024/08/30 3:31 p.m. | 11 views

CVE-2024-8342 SourceCodester Petshop Management System add_client.php unrestricted upload

A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/addclient.php. The manipulation of the argument imageprofile leads to unrestricted upload. The attack may be...

CVSS 6.5 | AI score 7.2 | EPSS 0.00155
Exploits: 1 | References: 5

OSV
added 2024/08/30 3:15 p.m. | 2 views

CVE-2024-8340

A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS 9.8 | AI score 6.9 | EPSS 0.00106
Exploits: 1 | References: 5