618 matches found
SourceCodester Budget and Expense Tracker System SQL注入漏洞
SourceCodester Budget And Expense Tracker System is a web-based application from Carlo Montero's personal developer. SourceCodester Budget and Expense Tracker System is vulnerable in v1.0 due to a lack of SQL data escaping and filtering in the software. An attacker could use the user name field t...
CVE-2021-40247
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...
CVE-2021-40247
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...
CVE-2021-40247
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...
CVE-2021-40247
CVE-2021-40247 affects Sourcecodester Budget and Expense Tracker System v1.0. The vulnerability is an SQL injection via the username field caused by inadequate SQL data escaping/filtering. Exploitation in the wild is not described in the provided documents, but CVSS data indicates a high/critical...
CVE-2021-40247
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...
PT-2022-11208 · Unknown · Sourcecodester Budget/Expense Tracker System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Budget and Expense Tracker System version v1 Description: The issue allows attackers to execute arbitrary SQL commands via the username field, potentially leading to unauthorized data access or modification. There is no...
users might pay enormous amouts of gas
Handle danb Vulnerability details when a user mints new liquidity, it the pair doesn't already exist, it deploys it. deploying a new contract on ethereum is super expensive, especially when it's such a large contract like TimeswapPair, it can cost thousands of dollars. Impact user who try to mint...
CVE-2021-41645
Remote Code Execution RCE vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field...
CVE-2021-41645
Remote Code Execution RCE vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field...
CVE-2021-41645
CVE-2021-41645 affects Sourcecodester Budget and Expense Tracker System 1.0. A remote attacker can exploit the image upload field to achieve remote code execution (RCE). Descriptions across Red Hat, CNVD, CVE entries consistently state RCE via image upload, with varying severity reporting (NVD CV...
CVE-2021-41645
Remote Code Execution RCE vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field...
PT-2021-23364 · Unknown · Sourcecodester Budget/Expense Tracker System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Budget and Expense Tracker System version 1.0 Description: A Remote Code Execution RCE issue exists, allowing a remote malicious user to inject arbitrary code via the image upload field. Recommendations: For Sourcecodester Budg...
Budgets And Expense Tracker System 1.0 Shell Upload
Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-21 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...
Budget and Expense Tracker System 1.0 - Authenticated Bypass Vulnerability
Exploit Title: Budget and Expense Tracker System 1.0 - Authenticated Bypass Exploit Author: Prunier Charles-Yves Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description CSRF bug to set-paid expense-report 🕵️♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when set-paid expense report....
Project Expense Monitoring System 1.0 SQL Injection Vulnerability
Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...
Project Expense Monitoring System 1.0 Authentication Bypass Vulnerability
Exploit Title: Project expense Monitoring System | Create Admin Account Unauthorised Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...
Project Expense Monitoring System 1.0 Authentication Bypass
Exploit Title: Project expense Monitoring System | Create Admin Account Unauthorised Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...
Daily Expense Tracker System Cross-Site Scripting Vulnerability (CNVD-2025-31006)
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a cross-site scripting vulnerability that originates from the user-profile.php Full Name parameter. No details of the vulnerability are available at this time...