9 matches found
CVE-2019-25473
CVE-2019-25473 affects Clinic Pro via SQL injection on the monthly_expense_overview endpoint, exploitable by authenticated users through the month parameter. Root cause: improper input handling enabling boolean/time-based/error-based SQL injection. Impact: confidentiality impact HIGH; integrity L...
PT-2026-24963
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly expense overview endpoint with crafted month values using boolean-based blind,...
CVE-2025-10343
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expensename' at the endpoint '/expenses/expense'...
PT-2025-7080 · Unknown · Phpgurukul Daily Expense Tracker System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Daily Expense Tracker System version 1.1. Description: The issue concerns a SQL Injection vulnerability in the /dets/add-expense.php endpoint via the costitem parameter. This allows for potential exploitation of the system. No...
CVE-2024-7811
A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to SQL injection. It is possible to initiate the attack remotely. The...
PT-2024-38598 · Unknown · Sourcecodester Daily Expenses Monitoring App
Name of the Vulnerable Software and Affected Versions: SourceCodester Daily Expenses Monitoring App version 1.0. Description: A critical issue has been found in the SourceCodester Daily Expenses Monitoring App, affecting an unknown part of the file /endpoint/delete-expense.php. The manipulation of...
CVE-2024-25210
Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/deleteexpense.php...
Expense Tracker SQL Injection Vulnerability
Expense Tracker is an expense tracker organized by SourceCode and Projects. A security vulnerability exists in Expense Tracker v1.0, which stems from a SQL injection vulnerability in the file /endpoint/deleteexpense.php...
PT-2023-17171 · Sourcecodester · Earnings/Expense Tracker App
Name of the Vulnerable Software and Affected Versions: SourceCodester Earnings and Expense Tracker App version 1.0. Description: A problematic vulnerability has been found in the software, affecting an unknown part of the file, specifically the "Master.php?a=save expense" endpoint. The manipulatio...