126 matches found
PT-2024-34423 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System Project version 1.0 Description: A SQL Injection issue was found in the /admin/school year.php file, specifically via the school year parameter. This allows for potential exploitation. Recommendations: F...
CVE-2024-50837
CVE-2024-50837 pertains to the Kashipara E-learning Management System Project 1.0. It describes a stored XSS vulnerability in the /admin/admin_user.php endpoint where an attacker can inject scripts via the firstname and username parameters. The CVSS 3.1 base score is 5.4 (Medium) with network att...
CVE-2024-10609 itsourcecode Tailoring Management System Project typeadd.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
Online Tourism Management System 1.0 Insecure Settings
======================================================================================================================================================== | Title : online tourism management system 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser...
CVE-2024-37873
SQL injection vulnerability in viewpayslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2024-37840
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter...
SourceCodester Online Examination System SQL注入漏洞
SourceCodester Online Examination System is an online examination system from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Online Examination System Project version 1.0, which originates from the parameter email in the file registeracc.php that can lead to SQL...
Sql injection
SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script...
CVE-2023-48434
CVE-2023-48434 affects Online Voting System Project v1.0. The reg_action.php resource’s username parameter does not validate input, sending unfiltered data to the database and allowing unauthenticated SQL injection. Multiple connected sources corroborate this vulnerability, consistently describin...
CVE-2023-34487
The CVE-2023-34487 entry is confirmed with concrete details in connected data: itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection via the login password input field. An external GitHub exploit demonstrates a time-based blind SQL injection against the ...
CVE-2023-33584
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection SQLI attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process...
CVE-2023-33584
Enrollment System Project V1.0 from Sourcecodester is vulnerable to SQL Injection in the login flow (username/password inputs) that can bypass authentication and gain unauthorized access. Root cause: improper validation/sanitization of input in login queries. Public exploits exist (e.g., Exploit-...
Enrollment System Project SQL注入漏洞
Enrollment System Project is an enrollment system project by Carlo Montero Individual Developer. A security vulnerability exists in version 1.0 of Enrollment System Project that stems from the presence of a SQL injection vulnerability...
CVE-2023-23158
A stored cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page...
CVE-2023-23158
CVE-2023-23158 refers to a stored cross-site scripting (XSS) vulnerability in the Art Gallery Management System Project v1.0. The issue allows an attacker to execute arbitrary web scripts or HTML by injecting a crafted payload into the message parameter on the enquiry page. The PT-2023-18865 entr...
CVE-2023-23157
Affected software: Art Gallery Management System Project v1.0. The vulnerability is a stored XSS in the fullname parameter on the enquiry page, caused by unsanitized input. Impact described: attackers can execute arbitrary web scripts/HTML; potential data theft or session compromise. Remediation ...
Billing System Project getOrderReport.php SQL Injection Vulnerability
Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the endDate parameter in getOrderReport.php against an externally entered SQL statement. An attacker...
CVE-2022-43213
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php...
CVE-2022-43213
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php...
Sql injection
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php...