160 matches found
EUVD-2026-21910
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadbook.php...
Expense Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Expense Management System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
CVE-2024-42915
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts...
CVE-2024-42915
Summary: CVE-2024-42915 is a host header injection vulnerability in Staff Appraisal System v1.0. Affected component: the password reset flow within Staff Appraisal System. Root cause/impact: attackers can induce a user to click a crafted password reset link to obtain a password reset token, enabl...
CVE-2024-42763
A Reflected Cross Site Scripting XSS vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter...
CVE-2024-42767
CVE-2024-42767 affects Kashipara Hotel Management System v1.0, with an Unrestricted File Upload vulnerability enabling Remote Code Execution through /admin/add_room_controller.php. Public sources consistently describe the flaw as a lack of validation of uploaded files, allowing an attacker to upl...
CVE-2024-41332
Incorrect access control in the deletecategory function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories...
CVE-2024-40474
A Reflected Cross Site Scripting XSS vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0...
Exploit for Command Injection in Nikhil-Bhalerao Poultry_Farm_Management_System
PoC exploit for CVE-2024-40110, an arbitrary file upload vulnera...
Sql injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php...
Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over
Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Date: 2023-12-03 Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to t...
CVE-2023-51813
Cross Site Request Forgery CSRF vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the stafflist parameter in the index.php component...
CVE-2024-22627
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editdistributor.php?id=...
CVE-2024-22625
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editcategory.php?id=...
CVE-2023-50760 Online Notice Board System v1.0 - Insecure File Upload
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...
CVE-2023-45126
CVE-2023-45126 entry is rejected/not used and does not represent an active vulnerability.
CVE-2023-45125
The CVE entry CVE-2023-45125 is connected to PT-2023-29424, which describes an Authenticated SQL Injection in Online Examination System version 1.0. The vulnerability arises because the time parameter in update.php is not validated and is sent unfiltered to the database. Impact is not detailed be...
CVE-2023-45122
According to PT-2023-29421, CVE-2023-45122 is linked to Online Examination System version 1.0 and describes multiple authenticated SQL injection vulnerabilities in the update.php resource, specifically via the unvalidated name parameter passed to the database. Root cause: input is not properly va...
CVE-2023-45121
Online Examination System v1.0 is affected by multiple authenticated SQL Injection vulnerabilities. The root cause is unsanitized input in the desc parameter of /update.php?q=addquiz, which is sent unfiltered to the database. Impact is rated High for confidentiality, integrity, and availability (...
CVE-2023-45329
Affected software: Online Food Ordering System, version 1.0. Vulnerability: unauthenticated SQL injection in routers/add-users.php; the unvalidated role parameter is sent to the database. Impact: potential for unauthorized data access/modification as described. Exploitation details: not provided ...