7 matches found
CVE-2024-3360
The CVE-2024-3360 entry concerns SourceCodester Online Library System 1.0. The vulnerability is in the admin/books/index.php file, where manipulating the id parameter enables SQL injection and can be exploited remotely. Multiple sources confirm the affected file and parameter, and describe the im...
CVE-2024-3365
CVE-2024-3365 affects SourceCodester Online Library System 1.0. The vulnerability lies in the admin/users/controller.php file, where manipulation of the user_name argument enables a cross-site scripting (XSS) flaw. The issue is exploitable remotely and public exploits have been disclosed. Several...
CVE-2024-3364
CVE-2024-3364 affects SourceCodester Online Library System 1.0. The vulnerability is a cross-site scripting issue in the file admin/books/index.php , caused by manipulation of the id parameter. Impact is an XSS exposure; attack can be initiated remotely and has been publicly disclosed. Connected ...
CVE-2024-3362
CVE-2024-3362 affects SourceCodester Online Library System 1.0. The vulnerability is a SQL injection in the IBSN parameter of admin/books/controller.php. The issue can be triggered remotely and exploits have been publicly disclosed. Connected sources confirm the vulnerable component and the root ...
CVE-2024-3363
SourceCodester Online Library System 1.0 contains a SQL injection vulnerability in admin/borrowed/index.php, triggered by manipulating the BookPublisher/BookTitle parameters. The issue affects an unknown part of that file and can be exploited remotely; the vulnerability has been publicly disclose...
CVE-2024-3359
CVE-2024-3359 affects SourceCodester Online Library System 1.0. The vulnerability is in the admin/login.php file where the user_email parameter is manipulated, causing a SQL injection due to unsanitized input. Documents indicate the attack is remotely executable and that an exploit has been discl...
CVE-2024-3361
SourceCodester Online Library System 1.0 contains a SQL injection vulnerability in the admin/books/deweydecimal.php file, exploitable via the category parameter. This CVE (CVE-2024-3361) allows remote attackers to manipulate the web app and potentially access/modify data; multiple sources confirm...