13601 matches found
CVE-2024-42553
A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges...
CVE-2024-42561
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoicenumber parameter at salesreport.php...
CVE-2024-42557
A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges...
PT-2024-30023 · Erp · Erp
Name of the Vulnerable Software and Affected Versions: ERP commit 44bd04 Description: An arbitrary file upload vulnerability allows attackers to execute arbitrary code via uploading a crafted HTML file. Recommendations: For ERP commit 44bd04, consider restricting the upload functionality to preve...
CVE-2024-42565
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete...
CVE-2024-42564
CVE-2024-42564 affects ERP with a SQL injection vulnerability in the id parameter at /index.php/basedata/inventory/delete?action=delete. The issue arises from unsafely handling the id input, enabling potential SQL injection. Connected sources confirm the vulnerable endpoint and parameter across m...
CVE-2024-42563
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file...
PT-2024-30017 · Unknown · Hotel Management System
Name of the Vulnerable Software and Affected Versions: Hotel Management System version commit 91caab8 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the book_id parameter at the "admin_modify_room.php" endpoint. There is no information...
CVE-2024-42565
CVE-2024-42565 affects an ERP system where commit 44bd04 introduces a SQL injection via the id parameter in /index.php/basedata/contact/delete?action=delete. The advisory documents indicate a high-severity impact (CVSS v3.1: 9.8, CRITICAL) with network access, no privileges required, no user inte...
PT-2024-30012 · Unknown · Hotel Management System
Name of the Vulnerable Software and Affected Versions: Hotel Management System affected versions not specified Description: A Cross-Site Request Forgery (CSRF) issue in the admin_room_added.php component of the Hotel Management System allows attackers to escalate privileges. This issue is related t...
PT-2024-30024 · Erp · Erp
Name of the Vulnerable Software and Affected Versions: ERP affected versions not specified Description: A SQL injection vulnerability was discovered in ERP commit 44bd04. The issue is related to the id parameter at the "/index.php/basedata/inventory/delete?action=delete" endpoint. This allows for...
CVE-2024-42564
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete...
CVE-2024-43824
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init Instead of getting the epc_features from pci_epc_get_features API, use the cached pci_epf_test::epc_features value to avoid the NULL check. Since the NU...
SUSE CVE-2024-43828
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole does not detect the replay and calls...
DEBIAN-CVE-2024-43828
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole does not detect the replay and calls...
UBUNTU-CVE-2024-43828
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole does not detect the replay and calls...
CVE-2024-43837
CVE-2024-43837 (Linux kernel): The vulnerability is a null pointer dereference in BPF EXT program type resolution when dst_prog is not attached. The fix, as described in the primary document, changes resolve_prog_type() to return prog->type for BPF_PROG_TYPE_EXT when dst_prog is absent, instea...