72 matches found
Expense Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Expense Management System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
CVE-2024-41332
Incorrect access control in the deletecategory function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories...
CVE-2024-40474
A Reflected Cross Site Scripting XSS vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0...
Exploit for Command Injection in Nikhil-Bhalerao Poultry_Farm_Management_System
PoC exploit for CVE-2024-40110, an arbitrary file upload vulnera...
Sql injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php...
CVE-2024-22627
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editdistributor.php?id=...
CVE-2024-22625
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editcategory.php?id=...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter...
CVE-2023-41615
CVE-2023-41615 affects Zoo Management System v1.0, with multiple SQL injection vulnerabilities in the Admin sign‑in page via the username and password fields. The root cause is insufficient input validation on the sign‑in form, enabling arbitrary SQL execution and potential data theft. While seve...
CVE-2023-37688
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page...
Sql injection
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page...
Sql injection
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php...
CVE-2023-37688
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page...
Cross site scripting
A cross-site scripting XSS vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component...
CVE-2023-37746
A cross-site scripting XSS vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component...
Sql injection
Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/reviewresult.php?maineventid=, maineventid...
CVE-2023-30204
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judgeid parameter at /php-jms/editjudge.php...
Sql injection
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php...
Judging Management System 1.0 Shell Upload
Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...
CVE-2022-43162
Online Diagnostic Lab Management System v1.0 is affected by a SQL injection vulnerability in the id parameter of /tests/view_test.php. The issue arises from improper SQL handling in the view_test routine, enabling arbitrary data exposure or modification. The CVE entry has a high severity (CVSS v3...