Lucene search
K
Fast5Prison Management System

15 matches found

CVE
CVE
added 2024/04/08 12:0 a.m.76 views

CVE-2024-3437

CVE-2024-3437 affects SourceCodester Prison Management System 1.0, specifically the Avatar Handler in /Admin/add-admin.php. The avatar parameter can be manipulated to achieve unrestricted file upload, enabling remote exploitation. Multiple sources confirm a remote, unauthenticated impact with pub...

7.5CVSS7.3AI score0.01063EPSS
Web
CVE
CVE
added 2024/04/07 11:31 p.m.75 views

CVE-2024-3436

CVE-2024-3436 affects SourceCodester Prison Management System 1.0, targeting the Avatar Handler’s /Admin/edit-photo.php. The vulnerability is an unrestricted upload via manipulation of the avatar parameter, allowing remote exploitation. Multiple connected sources confirm the same issue and identi...

7.2CVSS6.5AI score0.00912EPSS
Web
CVE
CVE
added 2024/04/08 11:31 a.m.71 views

CVE-2024-3439

The CVE-2024-3439 entry concerns SourceCodester Prison Management System 1.0, with a SQL injection in the /Account/login.php function. The vulnerability arises from manipulation of an unknown function in that file, enabling remote exploitation. Public disclosure of the exploit is noted. Multiple ...

9.8CVSS7.5AI score0.00851EPSS
Web
CVE
CVE
added 2024/05/08 12:31 p.m.71 views

CVE-2024-4645

The CVE-2024-4645 entry concerns SourceCodester Prison Management System 1.0. Multiple connected sources confirm a cross-site scripting (XSS) vulnerability in /Admin/changepassword.php, triggered by manipulating the txtold_password, txtnew_password, and txtconfirm_password fields. The issue is tr...

5.4CVSS6.2AI score0.00478EPSS
Web
CVE
CVE
added 2024/05/06 1:31 a.m.66 views

CVE-2024-4512

The CVE-2024-4512 vulnerability affects SourceCodester Prison Management System 1.0, specifically the file /Employee/edit-profile.php. The issue is a cross-site scripting flaw caused by manipulating the arguments txtfullname, txtdob, txtaddress, txtqualification, cmddept, cmdemployeetype, and txt...

5.4CVSS6.3AI score0.00642EPSS
Web
CVE
CVE
added 2024/04/08 2:31 p.m.65 views

CVE-2024-3442

CVE-2024-3442 affects SourceCodester Prison Management System 1.0, with the vulnerability located in /Employee/delete_leave.php. The issue enables SQL injection and can be triggered remotely, with public exploit disclosure noted. Multiple sources corroborate the flaw’s presence in the delete_leav...

8.8CVSS6.8AI score0.00713EPSS
CVE
CVE
added 2024/05/05 6:0 p.m.64 views

CVE-2024-4500

SourceCodester Prison Management System 1.0 contains a vulnerability in the /Employee/edit-photo.php handler. The parameter userImage enables unrestricted file upload, which can be triggered remotely. The issue is explicitly described as allowing an unrestricted upload and has been publicly discl...

8.8CVSS7AI score0.00857EPSS
Web
CVE
CVE
added 2024/04/08 3:0 p.m.62 views

CVE-2024-3443

CVE-2024-3443 concerns SourceCodester Prison Management System 1.0. A cross-site scripting vulnerability exists in the /Employee/apply_leave.php file, caused by manipulating the txtstart_date/txtend_date parameters. Reports indicate the issue is exploitable remotely and that the public exploit ha...

5.4CVSS3.8AI score0.0055EPSS
Web
CVE
CVE
added 2024/05/08 11:31 a.m.62 views

CVE-2024-4644

CVE-2024-4644 affects SourceCodester Prison Management System 1.0, with a cross-site scripting flaw in the code path that handles /Employee/changepassword.php. The vulnerability allows manipulation of the txtold_password, txtnew_password, and txtconfirm_password fields to trigger XSS. Publicly di...

5.4CVSS6.4AI score0.00512EPSS
Web
CVE
CVE
added 2024/05/06 6:31 a.m.61 views

CVE-2024-4528

CVE-2024-4528 affects SourceCodester Prison Management System 1.0. The vulnerability resides in the /Admin/user-record.php function where manipulating the txtfullname parameter enables cross-site scripting. Descriptions indicate remote exploitation and public disclosure of the exploit. Several so...

4.8CVSS6.2AI score0.00616EPSS
Web
CVE
CVE
added 2024/04/08 11:0 a.m.58 views

CVE-2024-3438

CVE-2024-3438 affects SourceCodester Prison Management System 1.0. The vulnerability exists in the /Admin/login.php file, where input handling enables SQL injection. Exploitation is possible remotely, and public disclosure is noted. Multiple connected documents corroborate the issue and describe ...

9.8CVSS7.5AI score0.00851EPSS
Web
CVE
CVE
added 2024/10/28 12:0 a.m.55 views

CVE-2024-48594

Prison Management System 1.0 contains an unrestricted file upload vulnerability in the avatar upload flow (add-admin.php) that allows an authenticated attacker to upload a PHP webshell, enabling remote code execution. The issue is confirmed in public writeups and Metasploit modules, which note th...

8.8CVSS8.1AI score0.03275EPSS
Web
CVE
CVE
added 2024/04/08 2:0 p.m.54 views

CVE-2024-3440

CVE-2024-3440 affects SourceCodester Prison Management System 1.0, where an SQL injection in the /Admin/edit_profile.php endpoint enables remote exploitation. Public exploit/disclosure is indicated, with a high-severity impact profile (C/I/A: high). The vulnerability arises from an injectable inp...

7.2CVSS5.2AI score0.00706EPSS
CVE
CVE
added 2024/04/08 2:0 p.m.53 views

CVE-2024-3441

The CVE-2024-3441 entry concerns SourceCodester Prison Management System 1.0, where an SQL injection vulnerability exists in /Employee/edit-profile.php. The issue is exploitable remotely and has been publicly disclosed. Connected documents corroborate the affected product/version and the SQLi fla...

8.8CVSS6.7AI score0.00713EPSS
CVE
CVE
added 2026/02/08 7:2 p.m.17 views

CVE-2026-2177

CVE-2026-2177 affects SourceCodester Prison Management System 1.0, with a vulnerability in the Login component where manipulating an unknown function leads to session fixation. Exploitation is possible remotely, the exploit has been publicly disclosed, and exploitation maturity is listed as PROOF...

7.5CVSS6.8AI score0.00309EPSS