5 matches found
CVE-2024-3522
Campcodes Online Event Management System 1.0 is affected by a SQL injection in /api/process.php via the userId parameter. Root cause: improper handling of user-supplied input leads to injection. Impact is described as high for confidentiality, integrity, and availability, with remote exploitation...
CVE-2024-3526
CVE-2024-3526 affects Campcodes Online Event Management System 1.0. An XSS flaw exists in the index.php file where the msg parameter is not properly filtered/escaped, allowing remote injection of arbitrary script code. Several connected sources describe the issue and confirm that the vulnerabilit...
CVE-2024-3523
CVE-2024-3523 is a reported SQL injection in Campcodes Online Event Management System v1.0, triggered by manipulating the ID parameter in the /views/index.php file. The vulnerability is exploitable remotely, with the exploit publicly disclosed. Affects unknown code paths in the identified file; i...
CVE-2024-3524
CVE-2024-3524 affects Campcodes Online Event Management System 1.0. A cross-site scripting flaw arises from unknown processing in /views/process.php where manipulating the name argument enables XSS. The attack can be remote and the exploit has been publicly disclosed. Sources consistently referen...
CVE-2024-3525
CVE-2024-3525 affects Campcodes Online Event Management System 1.0. An XSS vulnerability exists in an unknown function of /views/index.php through the msg parameter, exploitable remotely and with the vulnerability publicly disclosed. Affected impact is consistent with reflected/XSS behavior; expl...