CVE-2024-8089
CVE-2024-8089 affects SourceCodester E-Commerce System v1.0. The vulnerability resides in an unknown function of the file /ecommerce/admin/products/controller.php, where manipulating the photo parameter leads to an unrestricted upload. This enables a remote attacker to upload arbitrary files, wi...
CVE-2024-8087
A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. This issue affects some unknown processing of the file /ecommerce/popupItem.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-8084
A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /php-ocls/classes/SystemSettings.php?f=updatesettings of the component Setting Handler. The manipulation of the argument System Name lea...
CVE-2024-8023
A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-7946
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file register.php of the component User Signup. The manipulation of the argument user leads to SQL injection. The attack ma...
CVE-2024-7947 SourceCodester Point of Sales and Inventory Management System login.php SQL injection
A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. The exploi...
CVE-2024-7946
CVE-2024-7946 affects itsourcecode Online Blood Bank Management System 1.0. The vulnerability lies in the User Signup component, specifically the register.php file, where the argument user can be manipulated to cause SQL injection. This allows remote attacks and, per sources, the exploit has been...
CVE-2024-7935
A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file print.php. The manipulation of the argument mapid leads to SQL injection. The attack may be launched remotely. The explo...
CVE-2024-7924
CVE-2024-7924 affects ZZCMS 2023. The vulnerability is in the file /I/list.php, where manipulating the skin parameter enables path traversal. The issue can be exploited remotely and, per multiple sources, the exploit has been disclosed publicly. Some sources describe it as critical; CVSS vectors ...
CVE-2024-7921
A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access...
CVE-2024-7914
CVE-2024-7914 affects SourceCodester Yoga Class Registration System 1.0. The vulnerability is in an unknown function of /php-ycrs/classes/SystemSettings.php where manipulation of the address argument leads to cross-site scripting. It is possible to exploit remotely and public exploit details have...
CVE-2024-7853 SourceCodester Yoga Class Registration System SQL injection
A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/viewcategory. The manipulation of the argument id leads to SQL injection. It is possible to launch the atta...
CVE-2024-7843
CVE-2024-7843 affects SourceCodester Online Graduate Tracer System 1.0, with the vulnerability residing in the file /tracking/admin/exportcs.php. The issue enables information disclosure through an unknown function, and it is reported that the attack can be launched remotely. Multiple connected...
CVE-2024-7842
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0. This issue affects some unknown processing of the file /tracking/admin/exportit.php. The manipulation leads to information disclosure. The attack may be initiated remotely. Th...
CVE-2024-7833
A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgradefilterasp of the file upgradefilter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-7813
CVE-2024-7813 affects SourceCodester Prison Management System 1.0, specifically the Profile Image Handler via /uploadImage/Profile/. The issue arises from unknown processing of the profile image file, leading to credentials that are insufficiently protected. Exploitation is possible remotely and ...
CVE-2024-7808
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...
CVE-2024-7797
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. Affected is an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login. The manipulation of the argument username leads to SQL injection. It is...
CVE-2024-7800 SourceCodester Simple Online Bidding System ajax.php SQL injection
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=deleteproduct. The manipulation of the argument id leads to SQL injection. It is possible ...
CVE-2024-7799
SourceCodester Simple Online Bidding System 1.0 contains a vulnerability in the file /simple-online-bidding-system/bidding/admin/users.php that leads to improper authorization. The issue can be exploited remotely and a public exploit has been disclosed. Public remediation status is not confirmed ...