Lucene search

3490 matches found

NVD
added 2024/05/14 3:14 p.m. · 9 views

CVE-2024-28279

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=...

CVSS 7.3 · AI score 7.7 · EPSS 0.00137
Exploits 0 · References 2
CNNVD
added 2024/05/14 12:0 a.m. · 1 views

College Management System SQL injection vulnerability

College Management System is a simple project organized by Code Projects. It is used to keep track of students, teachers, subjects, schedules and all things related to the university. An SQL injection vulnerability exists in College Management System version 1.0, which stems from an SQL injection...

CVSS 8.8 · AI score 7.1 · EPSS 0.00221
Exploits 1 · References 6
Cvelist
added 2024/05/13 7:54 p.m. · 13 views

CVE-2024-28279

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=...

AI score 8 · EPSS 0.00137
Exploits 0 · References 2
CVE
added 2024/05/13 7:54 p.m. · 47 views

CVE-2024-28279

CVE-2024-28279 affects Code-projects Computer Book Store 1.0. The vulnerability is an SQL Injection exploitable via the endpoint book.php?bookisbn=, enabling remote manipulation. Several connected sources confirm the issue and indicate high risk (CVSS v3.1: 7.3, HIGH). Remediation/immediate actio...

CVSS 7.3 · AI score 8.1 · EPSS 0.00137
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/05/13 12:0 a.m. · 3 views

PT-2024-22377 · Unknown · Code-Projects Computer Book Store

Name of the Vulnerable Software and Affected Versions: Code-projects Computer Book Store version 1.0 Description: The issue allows for SQL Injection, which can be exploited via the "book.php?bookisbn=" endpoint. An attacker can manipulate this endpoint remotely. It is estimated that a significant...

CVSS 7.3 · AI score 7.1 · EPSS 0.00137
Exploits 0 · References 5
NVD
added 2024/04/25 10:15 p.m. · 7 views

CVE-2024-31610

File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file...

CVSS 6.3 · AI score 7.1 · EPSS 0.00193
Exploits 1 · References 1
OSV
added 2024/04/25 10:15 p.m. · 1 views

CVE-2024-31610

File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file...

CVSS 6.3 · AI score 6 · EPSS 0.00193
Exploits 1 · References 1
CNNVD
added 2024/04/25 12:0 a.m. · 3 views

Code-Projects Simple School Management System security vulnerability

Code-Projects Simple School Management System is an open source school management system from Code-Projects. A security vulnerability exists in Code-Projects Simple School Management System v1.0, which originates from a file upload vulnerability in the upload avatars feature. An attacker can...

CVSS 6.3 · AI score 7.7 · EPSS 0.00193
Exploits 1 · References 2
Cvelist
added 2024/04/25 12:0 a.m. · 11 views

CVE-2024-31610

File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file...

AI score 7.3 · EPSS 0.00193
Exploits 1 · References 1
CVE
added 2024/04/25 12:0 a.m. · 57 views

CVE-2024-31610

CVE-2024-31610 affects Code-Projects Simple School Management System v1.0. The issue is a File Upload vulnerability in the avatar upload function that allows an attacker to execute arbitrary code by uploading a crafted file. Reported metrics indicate a network attack vector with low privileges re...

CVSS 6.3 · AI score 7.3 · EPSS 0.00193
Exploits 1 · References 1 · Affected Software 1
CVE
added 2024/04/06 11:0 a.m. · 68 views

CVE-2024-3369

CVE-2024-3369 affects code-projects Car Rental 1.0. The vulnerability is in add-vehicle.php, where manipulation of the Upload Image parameter enables unrestricted file upload. This can be exploited remotely and has been disclosed publicly, classed as critical with high impact to confidentiality, ...

CVSS 8.8 · AI score 6.4 · EPSS 0.00064
Exploits 1 · References 4 · Affected Software 1
Packet Storm
added 2024/04/02 12:0 a.m. · 171 views

Blood Bank 1.0 Cross Site Scripting

Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting XSS Date: 2023-11-14 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/11/BloodBankInPHPWithSourcecode.zip Version: 1.0...

CVSS 6.1 · AI score 7.1 · EPSS 0.00127
Exploits 4
Exploit DB
added 2024/04/02 12:0 a.m. · 228 views

Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting XSS Date: 2023-11-14 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/11/BloodBankInPHPWithSourcecode.zip Version: 1.0...

CVSS 6.1 · AI score 6.4 · EPSS 0.00127
Exploits 4
NVD
added 2024/03/27 11:15 p.m. · 9 views

CVE-2024-3004

A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit ha...

CVSS 6.1 · AI score 3.7 · EPSS 0.00142
Exploits 1 · References 4
Vulnrichment
added 2024/03/27 10:31 p.m. · 19 views

CVE-2024-3004 code-projects Online Book System Product.php cross site scripting

A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit ha...

CVSS 4 · AI score 6.2 · EPSS 0.00142
Exploits 1 · References 4
CVE
added 2024/03/27 10:31 p.m. · 61 views

CVE-2024-3004

CVE-2024-3004 affects code-projects Online Book System 1.0. The vulnerability arises from manipulation of an argument value in the file /Product.php, enabling cross-site scripting (XSS). The issue is exploitable remotely, and the exploit has been disclosed publicly. Affected product/version: On...

CVSS 6.1 · AI score 3.7 · EPSS 0.00142
Exploits 1 · References 4 · Affected Software 1
NVD
added 2024/03/27 10:15 p.m. · 13 views

CVE-2024-3003

A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The...

CVSS 9.8 · AI score 6.8 · EPSS 0.00184
Exploits 1 · References 4
NVD
added 2024/03/27 10:15 p.m. · 11 views

CVE-2024-3000

A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/loginusername/loginpassword leads to sql injection. The attack can be initiated remotely. Th...

CVSS 9.8 · AI score 7.6 · EPSS 0.00212
Exploits 1 · References 4
OSV
added 2024/03/27 10:15 p.m. · 2 views

CVE-2024-3001

A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 5.7 · EPSS 0.00145
Exploits 1 · References 4
CVE
added 2024/03/27 10:0 p.m. · 62 views

CVE-2024-3003

CVE-2024-3003 affects code-projects Online Book System 1.0, where the /cart.php endpoint’s quantity/remove parameter is vulnerable to SQL injection due to lack of input validation. This can be exploited remotely and has been publicly disclosed, with VDB-258205 assigned. Multiple sources corrobora...

CVSS 9.8 · AI score 6.8 · EPSS 0.00184
Exploits 1 · References 4 · Affected Software 1