
21 matches found

Cvelist
added 2024/10/29 12:0 a.m., 13 views

CVE-2024-51181

A Reflected Cross-Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter...

EPSS: 0.00366
Exploits: 1, References: 1

CVE
added 2023/12/21 8:5 p.m., 39 views

CVE-2023-46791

The CVE entry CVE-2023-46791 is marked as withdrawn/rejected. Connected document PT-2023-30218 describes an unauthenticated SQL Injection in Online Matrimonial Project v1.0, where the filename parameter of pic3 in functions.php does not validate input, sending unfiltered data to the database. No ...

AI score: 6.9
Exploits: 0

CVE
added 2023/12/21 6:58 p.m., 25 views

CVE-2023-44481

CVE-2023-44481 affects Leave Management System Project v1.0, where an authenticated attacker can exploit SQL injection through the setearnleave parameter in admin/setleaves.php. Root cause: unvalidated/unfiltered input sent to the database. Documented impact is high (CVE metrics show high confid...

CVSS: 8.8, AI score: 9.2, EPSS: 0.0011
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2023/11/07 10:15 p.m., 1 view

CVE-2023-46793

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS: 9.8, AI score: 5.8, EPSS: 0.0015
Exploits: 1, References: 2

Prion
added 2023/11/07 10:15 p.m., 11 views

SQL injection

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS: 7.5, AI score: 8.5, EPSS: 0.0015
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2023/11/07 9:16 p.m., 53 views

CVE-2023-46797

CVE-2023-46797 is rejected/not used; this CVE entry does not represent an active vulnerability.

AI score: 6.9
Exploits: 0

CVE
added 2023/11/07 8:58 p.m., 36 views

CVE-2023-46786

CVE-2023-46786 entry is rejected/not used and does not represent an active vulnerability.

AI score: 6.9
Exploits: 0

Cvelist
added 2023/09/28 8:48 p.m., 14 views

CVE-2023-43740 Online Book Store Project v1.0 - Insecure File Upload

Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of adminedit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...

CVSS: 8.8, AI score: 9, EPSS: 0.02099
Exploits: 1, References: 2

CVE
added 2022/11/23 12:0 a.m., 60 views

CVE-2022-43213

CVE-2022-43213 affects Billing System Project v1.0, where a SQL injection vulnerability exists in the id parameter of editorder.php. The issue is caused by improper input handling, enabling an attacker to manipulate SQL queries. The NVD/NVD-derived metrics rate impact as critical (C:H, I:H, A:H) ...

CVSS: 9.8, AI score: 9.7, EPSS: 0.00264
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/11/22 6:15 p.m., 11 views

SQL injection

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...

CVSS: 7.5, AI score: 9.7, EPSS: 0.00334
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2022/11/22 1:15 a.m., 12 views

CVE-2022-43215

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php...

CVSS: 9.8, EPSS: 0.00264
Exploits: 0, References: 2

NVD
added 2022/11/22 1:15 a.m., 13 views

CVE-2022-43214

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...

CVSS: 9.8, EPSS: 0.00264
Exploits: 0, References: 2

CVE
added 2022/11/22 12:0 a.m., 52 views

CVE-2022-43215

CVE-2022-43215 affects Billing System Project v1.0. The vulnerability is a SQL injection in the endDate parameter of the getOrderReport.php endpoint, as described across multiple sources. The issue arises from lack of input validation, enabling an attacker to influence SQL queries and potentially...

CVSS: 9.8, AI score: 9.8, EPSS: 0.00264
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/11/22 12:0 a.m., 10 views

CVE-2022-43215

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php...

AI score: 10, EPSS: 0.00264
Exploits: 0, References: 2

NVD
added 2022/10/18 2:15 p.m., 11 views

CVE-2022-41504

An arbitrary file upload vulnerability in the component /phpaction/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS: 7.2, EPSS: 0.00991
Exploits: 1, References: 1

CVE
added 2022/10/18 12:0 a.m., 49 views

CVE-2022-41504

CVE-2022-41504 is an arbitrary file upload vulnerability in the Billing System Project v1.0, specifically in the /php_action/editProductImage.php component. The issue allows an attacker to upload a crafted PHP file and achieve arbitrary code execution. The CVSS score is High (7.2) with network at...

CVSS: 7.2, AI score: 7.3, EPSS: 0.00991
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2022/10/17 12:0 a.m., 43 views

CVE-2022-41498

CVE-2022-41498 affects the Billing System Project v1.0, with a confirmed SQL injection vulnerability exploitable via the id parameter at /phpinventory/editbrand.php. The CVE entry lists a base score of 7.2 (High, CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The exploitation status is not provi...

CVSS: 7.2, AI score: 7.2, EPSS: 0.00274
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2022/09/30 3:15 p.m., 10 views

CVE-2022-41437

Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /phpaction/createProduct.php...

CVSS: 7.2, EPSS: 0.02579
Exploits: 1, References: 1

Prion
added 2022/09/30 3:15 p.m., 13 views

Remote code execution

Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /phpaction/createProduct.php...

CVSS: 5.8, AI score: 7.4, EPSS: 0.02579
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2022/09/30 3:15 p.m., 15 views

SQL injection

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php...

CVSS: 5.8, AI score: 7.2, EPSS: 0.00274
Exploits: 1, References: 1, Affected Software: 1