169 matches found
CVE-2024-33971
CVE-2024-33971 describes an SQL injection vulnerability in the PayPal, Credit Card and Debit Card Payment software (version 1.0, janobe products) where an attacker can exploit the username parameter passed to the /login.php endpoint to retrieve data. Documents consistently tie this to SQL injecti...
CVE-2024-33970
CVE-2024-33970 concerns a SQL injection in Janobe’s PayPal/Credit Card/Debit Card Payment software (version 1.0). The vulnerability allows an attacker to craft a query against the server via the studid parameter in /candidate/controller.php to retrieve stored information. Connected sources (Red H...
CVE-2024-33970 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in...
CVE-2024-33970 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in...
CVE-2024-33969
CVE-2024-33969 affects Janobe’s PayPal, Credit Card and Debit Card Payment software (version 1.0). The vulnerability is a SQL injection in the /AttendanceMonitoring/department/index.php endpoint via the id parameter, allowing an attacker to retrieve stored data. CVSS data indicate high impact to ...
CVE-2024-33969 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in...
CVE-2024-33969 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in...
CVE-2024-33968 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in...
CVE-2024-33968 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in...
CVE-2024-33968
CVE-2024-33968 describes a SQL injection in the PayPal, Credit Card and Debit Card Payment app (version 1.0) from Janobe. The vulnerability is exploitable via the AttendanceMonitoring/report/index.php endpoint, specifically through the Attendance and YearLevel parameters, allowing retrieval of da...
CVE-2024-33967 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLeve...
CVE-2024-33967
CVE-2024-33967 describes an SQL injection in the PayPal, Credit Card and Debit Card Payment system (version 1.0) by targeting the /AttendanceMonitoring/report/attendance_print.php endpoint. An attacker can craft a query via the view parameter to retrieve all data stored in the system, specificall...
CVE-2024-33967 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLeve...
CVE-2024-33966
CVE-2024-33966 concerns a SQL injection in the Janobe product family, specifically in the PayPal, Credit Card and Debit Card Payment software v1.0. The vulnerability arises from unsafe handling of the input in the xtsearch parameter of /admin/mod_reports/index.php, allowing an attacker to potenti...
CVE-2024-33966 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in...
CVE-2024-33965
CVE-2024-33965 is a SQL injection in the PayPal, Credit Card and Debit Card Payment system (version 1.0) by janobe, exposed via the /tubigangarden/admin/mod_accomodation/index.php?view parameter. Multiple connected sources corroborate that a specially crafted query can exfiltrate stored data. Pub...
CVE-2024-33965 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in...
CVE-2024-33965 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in...
CVE-2024-33964
CVE-2024-33964 relates to an SQL injection in Janobe’s PayPal, Credit Card and Debit Card Payment software (version 1.0). The vulnerability occurs via the id parameter in /admin/mod_users/index.php and could allow an attacker to retrieve data stored by the server. Affected product/version: PayPal...
CVE-2024-33964 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/modusers/index.php'...