15 matches found
CVE-2024-3437
CVE-2024-3437 affects SourceCodester Prison Management System 1.0, specifically the Avatar Handler in /Admin/add-admin.php. The avatar parameter can be manipulated to achieve unrestricted file upload, enabling remote exploitation. Multiple sources confirm a remote, unauthenticated impact with pub...
CVE-2024-3436
CVE-2024-3436 affects SourceCodester Prison Management System 1.0, targeting the Avatar Handler’s /Admin/edit-photo.php. The vulnerability is an unrestricted upload via manipulation of the avatar parameter, allowing remote exploitation. Multiple connected sources confirm the same issue and identi...
CVE-2024-3439
The CVE-2024-3439 entry concerns SourceCodester Prison Management System 1.0, with a SQL injection in the /Account/login.php function. The vulnerability arises from manipulation of an unknown function in that file, enabling remote exploitation. Public disclosure of the exploit is noted. Multiple ...
CVE-2024-4645
The CVE-2024-4645 entry concerns SourceCodester Prison Management System 1.0. Multiple connected sources confirm a cross-site scripting (XSS) vulnerability in /Admin/changepassword.php, triggered by manipulating the txtold_password, txtnew_password, and txtconfirm_password fields. The issue is tr...
CVE-2024-4512
The CVE-2024-4512 vulnerability affects SourceCodester Prison Management System 1.0, specifically the file /Employee/edit-profile.php. The issue is a cross-site scripting flaw caused by manipulating the arguments txtfullname, txtdob, txtaddress, txtqualification, cmddept, cmdemployeetype, and txt...
CVE-2024-3442
CVE-2024-3442 affects SourceCodester Prison Management System 1.0, with the vulnerability located in /Employee/delete_leave.php. The issue enables SQL injection and can be triggered remotely, with public exploit disclosure noted. Multiple sources corroborate the flaw’s presence in the delete_leav...
CVE-2024-4500
SourceCodester Prison Management System 1.0 contains a vulnerability in the /Employee/edit-photo.php handler. The parameter userImage enables unrestricted file upload, which can be triggered remotely. The issue is explicitly described as allowing an unrestricted upload and has been publicly discl...
CVE-2024-3443
CVE-2024-3443 concerns SourceCodester Prison Management System 1.0. A cross-site scripting vulnerability exists in the /Employee/apply_leave.php file, caused by manipulating the txtstart_date/txtend_date parameters. Reports indicate the issue is exploitable remotely and that the public exploit ha...
CVE-2024-4644
CVE-2024-4644 affects SourceCodester Prison Management System 1.0, with a cross-site scripting flaw in the code path that handles /Employee/changepassword.php. The vulnerability allows manipulation of the txtold_password, txtnew_password, and txtconfirm_password fields to trigger XSS. Publicly di...
CVE-2024-4528
CVE-2024-4528 affects SourceCodester Prison Management System 1.0. The vulnerability resides in the /Admin/user-record.php function where manipulating the txtfullname parameter enables cross-site scripting. Descriptions indicate remote exploitation and public disclosure of the exploit. Several so...
CVE-2024-3438
CVE-2024-3438 affects SourceCodester Prison Management System 1.0. The vulnerability exists in the /Admin/login.php file, where input handling enables SQL injection. Exploitation is possible remotely, and public disclosure is noted. Multiple connected documents corroborate the issue and describe ...
CVE-2024-48594
Prison Management System 1.0 contains an unrestricted file upload vulnerability in the avatar upload flow (add-admin.php) that allows an authenticated attacker to upload a PHP webshell, enabling remote code execution. The issue is confirmed in public writeups and Metasploit modules, which note th...
CVE-2024-3440
CVE-2024-3440 affects SourceCodester Prison Management System 1.0, where an SQL injection in the /Admin/edit_profile.php endpoint enables remote exploitation. Public exploit/disclosure is indicated, with a high-severity impact profile (C/I/A: high). The vulnerability arises from an injectable inp...
CVE-2024-3441
The CVE-2024-3441 entry concerns SourceCodester Prison Management System 1.0, where an SQL injection vulnerability exists in /Employee/edit-profile.php. The issue is exploitable remotely and has been publicly disclosed. Connected documents corroborate the affected product/version and the SQLi fla...
CVE-2026-2177
CVE-2026-2177 affects SourceCodester Prison Management System 1.0, with a vulnerability in the Login component where manipulating an unknown function leads to session fixation. Exploitation is possible remotely, the exploit has been publicly disclosed, and exploitation maturity is listed as PROOF...