CVE-2024-40472
SourceCodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via delete-calorie.php. Multiple sources (NVD, Red Hat, CNNVD, CVE lists, PT Security) confirm an injection flaw in the PHP/MySQL component, enabling data disclosure/integrity/availability impact per CVSS scores (hi...
PT-2024-38474 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0. Description: A critical issue has been discovered, affecting an unknown functionality of the file activate act.php. The manipulation of the id argument leads to SQL...
CVE-2024-40472
Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php."...
Employee Management System 1.0 SQL Injection
Title: Employee Management System v1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
CVE-2024-40475
SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php...
CVE-2024-40476
CVE-2024-40476 corresponds to a CSRF vulnerability in SourceCodester Best House Rental Management System v1.0. The weakness allows an attacker to trick an administrator into performing add/modify/delete actions on tenant data via a crafted page, demonstrated by the Delete Tenant action at /rental...
CVE-2024-40475
CVE-2024-40475 affects SourceCodester Best House Rental Management System v1.0. The Red Hat and NVD/NVD-enriched records confirm an Incorrect Access Control vulnerability reachable at the REST/UI endpoints: “/rental/payment_report.php”, “/rental/balance_report.php”, “/rental/invoices.php”, “/rent...
CVE-2024-40473
A Stored Cross Site Scripting XSS vulnerability was found in "managehouses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "Houseno" and "Description" parameter fields...
CVE-2024-40474
A Reflected Cross Site Scripting XSS vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0...
CVE-2024-40476
A Cross-Site Request Forgery CSRF vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at th...
CVE-2024-34480
SourceCodester Computer Laboratory Management System 1.0 allows admin/category/viewcategory.php id SQL Injection...
CVE-2024-34479
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection...
CVE-2024-34479
Vulnerability overview for CVE-2024-34479: Affects SourceCodester Computer Laboratory Management System 1.0. The flaw resides in the classes/Master.php id parameter, enabling SQL Injection due to insufficient input handling. Reported impact in the sources indicates full confidentiality, integrity...
Computer Laboratory Management System 1.0 Privilege Escalation Vulnerability
Exploit Title: Computer Laboratory Management System v1.0 - Incorrect access control | Exploit Author: Sampath kumar kadajari | Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html | Software Link:...
Blog Site 1.0 Cross Site Scripting
Title: Blog Site 1.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits | Vendor:...