3943 matches found
CVE-2024-8146
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-7810
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/viewitprofile.php. The manipulation of the argument id leads to sql injection. The attack may be launched...
PT-2024-38365 · Unknown · Tailoring Management System
Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0 Description: A critical issue was found in the Tailoring Management System, affecting an unknown part of the file partedit.php. The manipulation of the id argument leads to SQL injection. It is possible...
Horizon Business Services Caterease Security Vulnerability
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from improper neutralization of the u...
CVE-2024-7320
CVE-2024-7320 affects itsourcecode Online Blood Bank Management System 1.0, targeting the Admin Login component (/admin/index.php). A SQL injection flaw is triggered by manipulating the user parameter, with remote exploitation possible and public disclosure of exploits. Impact is described as hig...
CVE-2024-7220
A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/printbarcode.php. The manipulation of the argument tbl results in sql injection. It is possible to launch the attack remotely. The exploi...
CVE-2024-7190
A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/getprice.php. The manipulation of the argument expensesid leads to sql injection. The attack can be launched remotely. The...
CVE-2024-7190
The CVE-2024-7190 entry affects itsourcecode Society Management System 1.0, specifically the /admin/get_price.php endpoint where manipulating the expenses_id parameter enables SQL injection. The vulnerability is described as remote-exploitable with a publicly disclosed exploit; assessed severitie...
CVE-2024-7168
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manageuser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...
CVE-2024-7167
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /managecourse.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely...
CVE-2024-7116
A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been rated as critical. This issue affects some unknown processing of the file /branchviewmore.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotel...
CVE-2024-6952
CVE-2024-6952 affects itsourcecode University Management System 1.0. The vulnerability is in the file /view_single_result.php?vr=123321&vn=mirage, where manipulation of the seme argument leads to SQL injection. Reports indicate the issue is exploitable remotely and the exploit has been disclosed ...
CVE-2024-6808
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2024-6735
Summary: CVE-2024-6735 affects itsourcecode Tailoring Management System 1.0. The vulnerability resides in the file setgeneral.php, where manipulating the parameters sitename, email, mobile, sms, or currency can trigger SQL injection. Exploitation appears remote and has been publicized. Technical ...
PT-2024-5296
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below Description: The issue is related to the monitoring module of Zohocorp ManageEngine Exchange Reporter Plus, where the software fails to properly protect the SQL query structur...
CVE-2024-6734
CVE-2024-6734: A SQL injection flaw exists in itsourcecode Tailoring Management System 1.0, originating in the templateadd.php file. The vulnerability is triggered by manipulating the title/msg parameters, enabling remote attackers to execute arbitrary SQL. Exploitation is feasible remotely and ...
CVE-2024-37871
SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter...
CVE-2024-6419
CVE-2024-6419 describes a SQL injection in SourceCodester Medicine Tracker System 1.0, affecting unknown code path /classes/Master.php?f=save_medicine where the id parameter is manipulated to exploit the vulnerability. It is remotely exploitable and has been publicly disclosed. Multiple connected...
CVE-2024-6016
A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file adminclass.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely...
CVE-2024-6009
CVE-2024-6009 affects itsourcecode Event Calendar 1.0. The vulnerability resides in regConfirm/regDelete in process.php, where manipulating the userId parameter enables SQL injection. Exploitation is remote and the vulnerability has been publicly disclosed. Mitigations documented in connected sou...