124 matches found
CVE-2022-30799
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php...
CVE-2022-30798
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php...
CVE-2022-30794
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php...
CVE-2022-30423
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution RCE vulnerability in the user profile upload point in the system information...
CVE-2022-30423
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution RCE vulnerability in the user profile upload point in the system information...
Sql injection
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php...
Sql injection
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php...
Sql injection
Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php...
CVE-2022-31352
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manageservice.php?id=...
CVE-2022-30797
CVE-2022-30797 affects Online Ordering System 1.0 (admin/vieworders.php) and is caused by an SQL injection vulnerability. Affected component is the web application's admin view orders interface; the root cause is improper input handling/validation on that page. Documented impact includes potentia...
CVE-2022-30794
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php...
Attendance and Payroll System 安全漏洞
Attendance and Payroll System is an attendance and payroll system using PHP/MySQLi source code by oretnom23 individual developers. sourcecodester Attendance and Payroll System is vulnerable to remote code execution, which can be exploited by attackers to upload maliciously crafted PHP...
Cross site scripting
Cross Site Scripting XSS in Sourcecodester Try My Recipe Recipe Sharing Website - CMS by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the loginregistration page...
Cross site scripting
Cross site scripting XSS vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php...
CVE-2021-43420
CVE-2021-43420 affects Sourcecodester Online Payment Hub v1 (Login.php) by oretnom23. A SQL injection is possible via the username parameter, caused by insufficient input handling (no filtering/escaping of SQL data). Reported as a high/critical issue in CVSS metrics (NVD): CVSS 2.0 base score 7.5...
CVE-2021-43420
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter...
CVE-2021-42168
CVE-2021-42168 affects Sourcecodester Try My Recipe (a Recipe Sharing Website CMS). The vulnerability is a Cross Site Scripting (XSS) flaw in the fullname parameter of the login_registration page, caused by insufficient input filtering/escaping. The issue can enable an attacker to obtain the PHPS...
CVE-2021-41660
SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php...
CVE-2021-41659
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field...
Sql injection
SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php...