Lucene search
+L

160 matches found

euvd
euvd
added 2026/04/13 3:31 p.m.8 views

EUVD-2026-21910

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadbook.php...

2.7CVSS5.9AI score0.00225EPSS
Exploits1References2
packetstorm
packetstorm
added 2024/09/17 12:0 a.m.206 views

Expense Management System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Expense Management System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

7.4AI score
Exploits0
nvd
nvd
added 2024/08/23 3:15 p.m.22 views

CVE-2024-42915

A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts...

8CVSS0.00408EPSS
Exploits0References2
cve
cve
added 2024/08/23 12:0 a.m.40 views

CVE-2024-42915

Summary: CVE-2024-42915 is a host header injection vulnerability in Staff Appraisal System v1.0. Affected component: the password reset flow within Staff Appraisal System. Root cause/impact: attackers can induce a user to click a crafted password reset link to obtain a password reset token, enabl...

8CVSS7.4AI score0.00408EPSS
Exploits0References2
nvd
nvd
added 2024/08/22 9:15 p.m.19 views

CVE-2024-42763

A Reflected Cross Site Scripting XSS vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter...

5.4CVSS0.00415EPSS
Exploits1References2
cve
cve
added 2024/08/22 12:0 a.m.53 views

CVE-2024-42767

CVE-2024-42767 affects Kashipara Hotel Management System v1.0, with an Unrestricted File Upload vulnerability enabling Remote Code Execution through /admin/add_room_controller.php. Public sources consistently describe the flaw as a lack of validation of uploaded files, allowing an attacker to upl...

7.2CVSS6.9AI score0.00579EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2024/08/12 1:38 p.m.33 views

CVE-2024-41332

Incorrect access control in the deletecategory function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories...

6.5CVSS0.00599EPSS
Exploits3References2
vulnrichment
vulnrichment
added 2024/08/08 12:0 a.m.12 views

CVE-2024-40474

A Reflected Cross Site Scripting XSS vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0...

5.9AI score0.00491EPSS
Exploits0References2
githubexploit
githubexploit
added 2024/08/02 8:17 p.m.273 views

Exploit for Command Injection in Nikhil-Bhalerao Poultry_Farm_Management_System

PoC exploit for CVE-2024-40110, an arbitrary file upload vulnera...

9.8CVSS7.3AI score0.01909EPSS
Exploits3
prion
prion
added 2024/02/14 3:15 p.m.14 views

Sql injection

Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php...

5.8CVSS8.6AI score0.00716EPSS
Exploits1References1Affected Software1
exploitdb
exploitdb
added 2024/02/13 12:0 a.m.473 views

Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Date: 2023-12-03 Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to t...

9.8CVSS9.7AI score0.01264EPSS
Exploits4
nvd
nvd
added 2024/01/30 1:15 a.m.22 views

CVE-2023-51813

Cross Site Request Forgery CSRF vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the stafflist parameter in the index.php component...

6.5CVSS7AI score0.00351EPSS
Exploits1References1
nvd
nvd
added 2024/01/16 6:15 p.m.19 views

CVE-2024-22627

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editdistributor.php?id=...

7.2CVSS7.4AI score0.00707EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2024/01/16 12:0 a.m.15 views

CVE-2024-22625

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editcategory.php?id=...

8.1AI score0.00745EPSS
Exploits1References1
cvelist
cvelist
added 2024/01/04 2:24 p.m.40 views

CVE-2023-50760 Online Notice Board System v1.0 - Insecure File Upload

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...

8.8CVSS9AI score0.01213EPSS
Exploits1References2
cve
cve
added 2023/12/21 6:54 p.m.66 views

CVE-2023-45126

CVE-2023-45126 entry is rejected/not used and does not represent an active vulnerability.

6.8AI score
Exploits0
cve
cve
added 2023/12/21 6:53 p.m.63 views

CVE-2023-45125

The CVE entry CVE-2023-45125 is connected to PT-2023-29424, which describes an Authenticated SQL Injection in Online Examination System version 1.0. The vulnerability arises because the time parameter in update.php is not validated and is sent unfiltered to the database. Impact is not detailed be...

6.8AI score
Exploits0
cve
cve
added 2023/12/21 4:37 p.m.69 views

CVE-2023-45122

According to PT-2023-29421, CVE-2023-45122 is linked to Online Examination System version 1.0 and describes multiple authenticated SQL injection vulnerabilities in the update.php resource, specifically via the unvalidated name parameter passed to the database. Root cause: input is not properly va...

6.8AI score
Exploits0
cve
cve
added 2023/12/21 4:23 p.m.38 views

CVE-2023-45121

Online Examination System v1.0 is affected by multiple authenticated SQL Injection vulnerabilities. The root cause is unsanitized input in the desc parameter of /update.php?q=addquiz, which is sent unfiltered to the database. Impact is rated High for confidentiality, integrity, and availability (...

8.8CVSS9.2AI score0.00673EPSS
Exploits1References2Affected Software1
cve
cve
added 2023/11/02 1:18 p.m.30 views

CVE-2023-45329

Affected software: Online Food Ordering System, version 1.0. Vulnerability: unauthenticated SQL injection in routers/add-users.php; the unvalidated role parameter is sent to the database. Impact: potential for unauthorized data access/modification as described. Exploitation details: not provided ...

6.9AI score
Exploits0
Rows per page
Query Builder