18 matches found
CVE-2024-33980
CVE-2024-33980 is a Cross-Site Scripting (XSS) vulnerability affecting Janobe’s PayPal, Credit Card and Debit Card Payment product version 1.0. The issue enables an attacker to lure a victim with a crafted URL and access the victim’s session cookie via the ‘start’ parameter in /admin/mod_reports/...
CVE-2024-33966
CVE-2024-33966 concerns a SQL injection in the Janobe product family, specifically in the PayPal, Credit Card and Debit Card Payment software v1.0. The vulnerability arises from unsafe handling of the input in the xtsearch parameter of /admin/mod_reports/index.php, allowing an attacker to potenti...
CVE-2024-33970
CVE-2024-33970 concerns a SQL injection in Janobe’s PayPal/Credit Card/Debit Card Payment software (version 1.0). The vulnerability allows an attacker to craft a query against the server via the studid parameter in /candidate/controller.php to retrieve stored information. Connected sources (Red H...
CVE-2024-33960
CVE-2024-33960 concerns a SQL injection in Janobe PayPal/Card Payment software v1.0. The vulnerability allows an attacker to craft a query via the parameter named “end” in the endpoint “/admin/mod_reports/printreport.php” and potentially retrieve information stored by the server. Several connecte...
CVE-2024-33963
CVE-2024-33963 is a reported SQL injection in the PayPal, Credit Card and Debit Card Payment product (version 1.0, Janobe) exploitable via the id parameter in the path "/admin/mod_room/index.php". Multiple sources describe attackers potentially retrieving all stored data through a crafted query, ...
CVE-2024-33972
CVE-2024-33972 concerns a SQL injection in PayPal, Credit Card and Debit Card Payment version 1.0 (janobe). The vulnerability is triggered via a crafted query in the /report/event_print.php endpoint, specifically via the 'events' parameter, enabling retrieval of stored information. The public doc...
CVE-2024-33973
CVE-2024-33973 affects PayPal, Credit Card and Debit Card Payment version 1.0 (janobe) and stems from an SQL injection in the /report/attendance_print.php endpoint, via the Attendance and YearLevel parameters. The vulnerability could allow an attacker to retrieve all information stored on the ser...
CVE-2024-33964
CVE-2024-33964 relates to an SQL injection in Janobe’s PayPal, Credit Card and Debit Card Payment software (version 1.0). The vulnerability occurs via the id parameter in /admin/mod_users/index.php and could allow an attacker to retrieve data stored by the server. Affected product/version: PayPal...
CVE-2024-33959
SQL injection in Janobe PayPal product (PayPal, Credit Card and Debit Card Payment) version 1.0 allows an attacker to craft a query to the server and extract all data via the 'categ' parameter in /admin/mod_reports/printreport.php. Affected component is the server-side query handling for reports;...
CVE-2024-33962
CVE-2024-33962 concerns a SQL injection in Janobe PayPal/Credit Card/Debit Card Payment v1.0. Affected component is the server-side code handling the parameter in /admin/mod_reservation/index.php, where a crafted query may exfiltrate data. The connected sources consistently describe the vulnerabi...
CVE-2024-33961
CVE-2024-33961 involves a SQL injection in PayPal, Credit Card and Debit Card Payment version 1.0 . The vulnerability is exploitable by sending a specially crafted query that targets the parameter named 'code' in the path /admin/mod_reservation/controller.php , potentially allowing an attacker to...
CVE-2024-33967
CVE-2024-33967 describes an SQL injection in the PayPal, Credit Card and Debit Card Payment system (version 1.0) by targeting the /AttendanceMonitoring/report/attendance_print.php endpoint. An attacker can craft a query via the view parameter to retrieve all data stored in the system, specificall...
CVE-2024-33969
CVE-2024-33969 affects Janobe’s PayPal, Credit Card and Debit Card Payment software (version 1.0). The vulnerability is a SQL injection in the /AttendanceMonitoring/department/index.php endpoint via the id parameter, allowing an attacker to retrieve stored data. CVSS data indicate high impact to ...
CVE-2024-33965
CVE-2024-33965 is a SQL injection in the PayPal, Credit Card and Debit Card Payment system (version 1.0) by janobe, exposed via the /tubigangarden/admin/mod_accomodation/index.php?view parameter. Multiple connected sources corroborate that a specially crafted query can exfiltrate stored data. Pub...
CVE-2024-33971
CVE-2024-33971 describes an SQL injection vulnerability in the PayPal, Credit Card and Debit Card Payment software (version 1.0, janobe products) where an attacker can exploit the username parameter passed to the /login.php endpoint to retrieve data. Documents consistently tie this to SQL injecti...
CVE-2024-33979
CVE-2024-33979 describes a Cross-Site Scripting (XSS) vulnerability in Janobe products labeled as PayPal, Credit Card and Debit Card Payment, version 1.0. The issue arises from improperly handling user-supplied input in the query/URL parameters within “/index.php” (notably the q, arrival, departu...
CVE-2024-33968
CVE-2024-33968 describes a SQL injection in the PayPal, Credit Card and Debit Card Payment app (version 1.0) from Janobe. The vulnerability is exploitable via the AttendanceMonitoring/report/index.php endpoint, specifically through the Attendance and YearLevel parameters, allowing retrieval of da...
CVE-2024-33981
CVE-2024-33981 describes a Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment version 1.0. The issue allows an attacker to craft a URL and lure a victim to exfiltrate session cookies via the start parameter in /admin/mod_reports/index.php. Affected component/pr...