Lucene search
K

618 matches found

CNVD
CNVD
added 2022/01/25 12:0 a.m.16 views

SourceCodester Budget and Expense Tracker System SQL注入漏洞

SourceCodester Budget And Expense Tracker System is a web-based application from Carlo Montero's personal developer. SourceCodester Budget and Expense Tracker System is vulnerable in v1.0 due to a lack of SQL data escaping and filtering in the software. An attacker could use the user name field t...

9.8CVSS4AI score0.02592EPSS
Exploits1References1
NVD
NVD
added 2022/01/21 7:15 p.m.18 views

CVE-2021-40247

SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...

9.8CVSS0.02592EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/21 7:15 p.m.3 views

CVE-2021-40247

SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...

9.8CVSS6.1AI score0.02592EPSS
Exploits1References3
OSV
OSV
added 2022/01/21 7:15 p.m.5 views

CVE-2021-40247

SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...

9.8CVSS6.1AI score0.02592EPSS
Exploits1References2
CVE
CVE
added 2022/01/21 6:58 p.m.62 views

CVE-2021-40247

CVE-2021-40247 affects Sourcecodester Budget and Expense Tracker System v1.0. The vulnerability is an SQL injection via the username field caused by inadequate SQL data escaping/filtering. Exploitation in the wild is not described in the provided documents, but CVSS data indicates a high/critical...

9.8CVSS9.9AI score0.02592EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/01/21 6:58 p.m.26 views

CVE-2021-40247

SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...

10AI score0.02592EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/01/21 12:0 a.m.8 views

PT-2022-11208 · Unknown · Sourcecodester Budget/Expense Tracker System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Budget and Expense Tracker System version v1 Description: The issue allows attackers to execute arbitrary SQL commands via the username field, potentially leading to unauthorized data access or modification. There is no...

9.8CVSS9.9AI score0.02592EPSS
Exploits1References6
Code423n4
Code423n4
added 2022/01/05 12:0 a.m.8 views

users might pay enormous amouts of gas

Handle danb Vulnerability details when a user mints new liquidity, it the pair doesn't already exist, it deploys it. deploying a new contract on ethereum is super expensive, especially when it's such a large contract like TimeswapPair, it can cost thousands of dollars. Impact user who try to mint...

6.9AI score
Exploits0
OSV
OSV
added 2021/10/29 5:15 p.m.2 views

CVE-2021-41645

Remote Code Execution RCE vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field...

8.8CVSS6.1AI score0.03098EPSS
Exploits1References1
NVD
NVD
added 2021/10/29 5:15 p.m.21 views

CVE-2021-41645

Remote Code Execution RCE vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field...

8.8CVSS0.03098EPSS
Exploits1References1
CVE
CVE
added 2021/10/29 4:59 p.m.47 views

CVE-2021-41645

CVE-2021-41645 affects Sourcecodester Budget and Expense Tracker System 1.0. A remote attacker can exploit the image upload field to achieve remote code execution (RCE). Descriptions across Red Hat, CNVD, CVE entries consistently state RCE via image upload, with varying severity reporting (NVD CV...

8.8CVSS8.9AI score0.03098EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/10/29 4:59 p.m.22 views

CVE-2021-41645

Remote Code Execution RCE vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field...

9.2AI score0.03098EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/10/29 12:0 a.m.9 views

PT-2021-23364 · Unknown · Sourcecodester Budget/Expense Tracker System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Budget and Expense Tracker System version 1.0 Description: A Remote Code Execution RCE issue exists, allowing a remote malicious user to inject arbitrary code via the image upload field. Recommendations: For Sourcecodester Budg...

8.8CVSS9.1AI score0.03098EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2021/09/21 12:0 a.m.160 views

Budgets And Expense Tracker System 1.0 Shell Upload

Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-21 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...

0.4AI score
Exploits0
0day.today
0day.today
added 2021/09/20 12:0 a.m.183 views

Budget and Expense Tracker System 1.0 - Authenticated Bypass Vulnerability

Exploit Title: Budget and Expense Tracker System 1.0 - Authenticated Bypass Exploit Author: Prunier Charles-Yves Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/07/21 10:42 a.m.18 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to set-paid expense-report 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when set-paid expense report....

1.3AI score
Exploits0
0day.today
0day.today
added 2021/03/29 12:0 a.m.30 views

Project Expense Monitoring System 1.0 SQL Injection Vulnerability

Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/03/29 12:0 a.m.22 views

Project Expense Monitoring System 1.0 Authentication Bypass Vulnerability

Exploit Title: Project expense Monitoring System | Create Admin Account Unauthorised Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/29 12:0 a.m.340 views

Project Expense Monitoring System 1.0 Authentication Bypass

Exploit Title: Project expense Monitoring System | Create Admin Account Unauthorised Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

0.5AI score
Exploits0
CNVD
CNVD
added 2021/02/03 12:0 a.m.3 views

Daily Expense Tracker System Cross-Site Scripting Vulnerability (CNVD-2025-31006)

Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a cross-site scripting vulnerability that originates from the user-profile.php Full Name parameter. No details of the vulnerability are available at this time...

6.1CVSS6.2AI score0.00782EPSS
Exploits1References1
Rows per page
Query Builder