SourceCodester Tailor Management System XSS Injection Vulnerability
Tailor Management System is a customized management system. An XSS vulnerability exists in index.php in SourceCodester Tailor Management System; it stems from a lack of proper validation of client-side data in the web application and can be exploited by an attacker to execute...
CVE-2020-23828
The CVE-2020-23828 entry concerns SourceCodester Online Course Registration v1.0. A File Upload vulnerability allows remote attackers to achieve Remote Code Execution by uploading a crafted PHP web-shell that bypasses image-upload filters, exploiting the /Online%20Course%20Registration/my-profile...
CVE-2020-24198
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'...
Remote code execution
An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows an authenticated administrator to conduct remote code execution...
Cross site scripting
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'...
CVE-2020-24195
CVE-2020-24195 describes an Arbitrary File Upload vulnerability in the Upload Image component of Sourcecodester Online Bike Rental v1.0. The issue allows an authenticated administrator to perform remote code execution. Publicly available details from Red Hat corroborate the vendor/product context...
CVE-2020-24194
A cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter...
CVE-2020-24198
A persistent cross-site scripting vulnerability affects Sourcecodester Stock Management System v1.0 (Stock Management System). The issue is exploitable via the Brand Name field, allowing remote attackers to inject arbitrary web script or HTML. Root cause is improper input handling/sanitization fo...
CVE-2020-23830
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site...
CVE-2020-23830
CVE-2020-23830 documents a CSRF in the SourceCodester Stock Management System v1.0, specifically in changeUsername.php. An attacker can cause an authenticated user to have their username changed when the victim visits a third-party site, effectively denying future logins. The provided sources do ...
CVE-2020-23835
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing...
CVE-2020-23831
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials...
CVE-2020-23831
CVE-2020-23831 describes a reflected XSS in the SourceCodester Stock Management System v1.0, specifically in the index.php login-portal page. The vulnerability allows an unauthenticated user to lure a victim to a malicious URL and, when credentials are entered, potentially harvest credentials and...
CVE-2020-23835
The CVE-2020-23835 issue affects SourceCodester Tailor Management System v1.0, specifically the index.php login-portal page. A Reflected Cross-Site Scripting (XSS) vulnerability in this page allows remote attackers to trigger the vulnerability when a victim clicks a malicious URL and starts typin...
Complaint Management System 1.0 - (cid) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Complaint Management System 1.0 - 'cid' SQL Injection Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...
Pharmacy Medical Store And Sale Point 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...
Pharmacy Medical Store and Sale Point 1.0 - (catid) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...
CVE-2020-24208
A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters...
SQL injection
A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters...
CVE-2020-24208
CVE-2020-24208 affects SourceCodester Online Shopping Alphaware 1.0. It is a SQL injection flaw that allows remote unauthenticated attackers to bypass authentication via email and password parameters, per NVD data. CVSS v2 base score 7.5 (HIGH) and CVSS v3.1 base score 9.8 (CRITICAL). No remediat...