7831 matches found
CVE-2020-28183
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php...
CVE-2020-28130
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos under the web root...
CVE-2020-28129
Stored cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'...
CVE-2020-28130
CVE-2020-28130 describes an Arbitrary File Upload in the Upload Image component of SourceCodester Online Library Management System 1.0. The flaw allows an attacker to upload PHP files to admin/borrower/photos (under the web root) and gain remote code execution via admin/borrower/index.php?view=add. Public ...
CVE-2020-28129
CVE-2020-28129 affects SourceCodester Gym Management System 1.0. The vulnerability is a stored XSS in index.php?page=packages, exploitable via the vulnerable fields ‘Package Name’ and ‘Description’ to inject arbitrary JavaScript. Connected PT-2020-16929 documents the same issue and recommends res...
CVE-2020-28136
An Arbitrary File Upload discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page...
CVE-2020-28140
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php...
Design/Logic Flaw
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php...
CVE-2020-28136
SourceCodester Tourism Management System 1.0 is affected by an Arbitrary File Upload vulnerability that enables remote code execution through the admin/create-package.php page. The root cause is the ability to upload executable files, allowing an attacker to gain control of the system. Public ref...
CVE-2020-28133
The CVE-2020-28133 entry concerns SourceCodester Simple Grocery Store Sales And Inventory System 1.0. A SQL injection flaw in sales_inventory/login.php enables authentication bypass, allowing an attacker to obtain client privileges. Public references in multiple sources corroborate an SQL injecti...
CVE-2020-28140
CVE-2020-28140 affects SourceCodester Online Clothing Store 1.0. The issue is an arbitrary file upload via the image upload function in Products.php, which could allow an attacker to upload malicious content. Security references indicate a high-severity impact (NVD CVSS v3.1: CRITICAL, HIGH impac...
CVE-2020-28139
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Offer Detail field of offer.php. Multiple connected sources confirm the issue and point to an input-field-based XSS path, with the vulnerability originating in Offer Detail handling. The core...
CVE-2020-28138
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection in login.php via the txtUserName parameter. Root cause: improper input validation allowing SQL injection. Impact: as per CVE metrics, potential execution of arbitrary SQL with high/critical severity; remote attacker could man...
Water Billing System 1.0 - 'id' SQL Injection (Authenticated)
Exploit Title: Water Billing System 1.0 - 'id' SQL Injection (Authenticated) Date: 2020-11-14 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor: https://www.sourcecodester.com/php/14560/water-billing-system-phpmysqli-full-source-code.html Version: 1.0 Tested on: Apache2 an...
Water Billing System 1.0 SQL Injection
Exploit Title: Water Billing System 1.0 - 'id' SQL Injection (Authenticated) Date: 2020-11-14 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor: https://www.sourcecodester.com/php/14560/water-billing-system-phpmysqli-full-source-code.html Version: 1.0 Tested on: Apache2 an...
Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload
Exploit Title: Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload Date: 09-11-2020 Exploit Author: Fortunato Lodari fox at thebrain dot net Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software Link:...