Lucene search

K
Home Owners Collection Management System ProjectHome Owners Collection Management System

15 matches found

CVE
CVE
added 2022/03/02 5:15 p.m.85 views

CVE-2022-25016

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

9.8CVSS9.6AI score0.01018EPSS
Web
CVE
CVE
added 2022/03/02 11:15 p.m.85 views

CVE-2022-25115

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file.

7.8CVSS8AI score0.01713EPSS
Web
CVE
CVE
added 2022/03/02 9:15 p.m.78 views

CVE-2022-25045

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

9.8CVSS9.7AI score0.00316EPSS
CVE
CVE
added 2022/02/26 12:15 a.m.78 views

CVE-2022-25096

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.

9.8CVSS9.7AI score0.00375EPSS
Web
CVE
CVE
added 2022/02/26 12:15 a.m.75 views

CVE-2022-25094

Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.

8.8CVSS9AI score0.11715EPSS
CVE
CVE
added 2022/02/28 11:15 p.m.74 views

CVE-2022-25028

Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module.

6.1CVSS6AI score0.0024EPSS
CVE
CVE
added 2022/04/21 8:15 p.m.73 views

CVE-2022-28416

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.

9.8CVSS9.7AI score0.0025EPSS
Web
CVE
CVE
added 2022/04/21 8:15 p.m.68 views

CVE-2022-28417

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.

9.8CVSS9.8AI score0.0025EPSS
Web
CVE
CVE
added 2022/05/11 2:15 p.m.67 views

CVE-2022-28078

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.

6.1CVSS6AI score0.00987EPSS
CVE
CVE
added 2022/04/21 8:15 p.m.66 views

CVE-2022-28414

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member.

9.8CVSS9.7AI score0.0025EPSS
Web
CVE
CVE
added 2022/02/26 12:15 a.m.65 views

CVE-2022-25095

Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.

9.8CVSS9.2AI score0.01363EPSS
CVE
CVE
added 2022/05/11 2:15 p.m.65 views

CVE-2022-28077

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.

6.1CVSS6AI score0.00199EPSS
Web
CVE
CVE
added 2022/04/21 8:15 p.m.62 views

CVE-2022-28415

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection.

9.8CVSS9.7AI score0.0025EPSS
Web
CVE
CVE
added 2024/07/02 11:15 a.m.52 views

CVE-2024-6439

A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remot...

9.8CVSS6.8AI score0.00125EPSS
Web
CVE
CVE
added 2024/07/02 11:15 a.m.42 views

CVE-2024-6440

A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. It is possible to launch the a...

9.8CVSS7.1AI score0.0007EPSS
Web