28 matches found
CVE-2024-33966
CVE-2024-33966 concerns a SQL injection in the Janobe product family, specifically in the PayPal, Credit Card and Debit Card Payment software v1.0. The vulnerability arises from unsafe handling of the input in the xtsearch parameter of /admin/mod_reports/index.php, allowing an attacker to potenti...
CVE-2024-33970
CVE-2024-33970 concerns a SQL injection in Janobe’s PayPal/Credit Card/Debit Card Payment software (version 1.0). The vulnerability allows an attacker to craft a query against the server via the studid parameter in /candidate/controller.php to retrieve stored information. Connected sources (Red H...
CVE-2024-33992
CVE-2024-33992 is a Cross-Site Scripting (XSS) vulnerability in School Event Management System v1.0. The flaw allows an attacker to craft a query to the server and retrieve all stored data through the view parameter in /student/index.php. Connected sources corroborate the vulnerability and recomm...
CVE-2024-33993
CVE-2024-33993 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System v1.0. The issue is triggered when an attacker constructs a specially crafted URL exploiting the 'view' parameter in /candidate/index.php to obtain a victim’s session details. The connected source...
CVE-2024-33963
CVE-2024-33963 is a reported SQL injection in the PayPal, Credit Card and Debit Card Payment product (version 1.0, Janobe) exploitable via the id parameter in the path "/admin/mod_room/index.php". Multiple sources describe attackers potentially retrieving all stored data through a crafted query, ...
CVE-2024-33972
CVE-2024-33972 concerns a SQL injection in PayPal, Credit Card and Debit Card Payment version 1.0 (janobe). The vulnerability is triggered via a crafted query in the /report/event_print.php endpoint, specifically via the 'events' parameter, enabling retrieval of stored information. The public doc...
CVE-2024-33973
CVE-2024-33973 affects PayPal, Credit Card and Debit Card Payment version 1.0 (janobe) and stems from an SQL injection in the /report/attendance_print.php endpoint, via the Attendance and YearLevel parameters. The vulnerability could allow an attacker to retrieve all information stored on the ser...
CVE-2024-33988
CVE-2024-33988 affects School Attendance Monitoring System and School Event Management System (version 1.0). The vulnerability is a Cross-Site Scripting (XSS) in the /report/attendance_print.php endpoint, exploitable via crafted values in Attendance, attenddate, and YearLevel parameters to cause ...
CVE-2024-33964
CVE-2024-33964 relates to an SQL injection in Janobe’s PayPal, Credit Card and Debit Card Payment software (version 1.0). The vulnerability occurs via the id parameter in /admin/mod_users/index.php and could allow an attacker to retrieve data stored by the server. Affected product/version: PayPal...
CVE-2024-33959
SQL injection in Janobe PayPal product (PayPal, Credit Card and Debit Card Payment) version 1.0 allows an attacker to craft a query to the server and extract all data via the 'categ' parameter in /admin/mod_reports/printreport.php. Affected component is the server-side query handling for reports;...
CVE-2024-33962
CVE-2024-33962 concerns a SQL injection in Janobe PayPal/Credit Card/Debit Card Payment v1.0. Affected component is the server-side code handling the parameter in /admin/mod_reservation/index.php, where a crafted query may exfiltrate data. The connected sources consistently describe the vulnerabi...
CVE-2024-33974
CVE-2024-33974 describes a SQL injection in PayPal, Credit Card and Debit Card Payment version 1.0 (Janobe products). The vulnerability affects the server-side handling of the URL parameter against the path '/report/printlogs.php' (the “Users” data flow), allowing an attacker to craft a query tha...
CVE-2024-33983
CVE-2024-33983 is an XSS vulnerability affecting the School Attendance Monitoring System and the School Event Management System (version 1.0). An attacker can craft a URL that passes unsanitized input through the AttendanceMonitoring/report/attendance_print.php parameters (Attendance, attenddate,...
CVE-2024-33961
CVE-2024-33961 involves a SQL injection in PayPal, Credit Card and Debit Card Payment version 1.0 . The vulnerability is exploitable by sending a specially crafted query that targets the parameter named 'code' in the path /admin/mod_reservation/controller.php , potentially allowing an attacker to...
CVE-2024-33967
CVE-2024-33967 describes an SQL injection in the PayPal, Credit Card and Debit Card Payment system (version 1.0) by targeting the /AttendanceMonitoring/report/attendance_print.php endpoint. An attacker can craft a query via the view parameter to retrieve all data stored in the system, specificall...
CVE-2024-33969
CVE-2024-33969 affects Janobe’s PayPal, Credit Card and Debit Card Payment software (version 1.0). The vulnerability is a SQL injection in the /AttendanceMonitoring/department/index.php endpoint via the id parameter, allowing an attacker to retrieve stored data. CVSS data indicate high impact to ...
CVE-2024-33987
The CVE-2024-33987 entry describes a Cross-Site Scripting (XSS) vulnerability in Janobe’s School Attendance Monitoring System and School Event Management System (version 1.0). The issue allows an attacker to craft a URL targeting parameters such as Attendance, attenddate, YearLevel, eventdate, ev...
CVE-2024-33991
CVE-2024-33991 is an XSS vulnerability in School Event Management System version 1.0. The flaw occurs in the server-side handling of the query parameter 'view' in /eventwinner/index.php , where attacker input can be reflected to retrieve stored information. Documents identify the affected product...
CVE-2024-33989
The CVE-2024-33989 entry describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System 1.0. The issue arises from untrusted input in the port/event_print.php endpoint, specifically the eventdate and events parameters, enabling an authenticated user’s browser session to be...
CVE-2024-33965
CVE-2024-33965 is a SQL injection in the PayPal, Credit Card and Debit Card Payment system (version 1.0) by janobe, exposed via the /tubigangarden/admin/mod_accomodation/index.php?view parameter. Multiple connected sources corroborate that a specially crafted query can exfiltrate stored data. Pub...
CVE-2024-33971
CVE-2024-33971 describes an SQL injection vulnerability in the PayPal, Credit Card and Debit Card Payment software (version 1.0, janobe products) where an attacker can exploit the username parameter passed to the /login.php endpoint to retrieve data. Documents consistently tie this to SQL injecti...
CVE-2024-33990
CVE-2024-33990 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System v1.0 . The issue can be triggered by an authenticated user who receives a specially crafted payload via the id and view parameters in /user/index.php , allowing an attacker to partially take over...
CVE-2024-33994
The CVE-2024-33994 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System version 1.0. The issue is triggered by crafting a URL that targets the view parameter in /event/index.php, enabling an attacker to obtain a victim’s session details. The NVD entry lists the a...
CVE-2024-33968
CVE-2024-33968 describes a SQL injection in the PayPal, Credit Card and Debit Card Payment app (version 1.0) from Janobe. The vulnerability is exploitable via the AttendanceMonitoring/report/index.php endpoint, specifically through the Attendance and YearLevel parameters, allowing retrieval of da...
CVE-2024-33986
The CVE-2024-33986 issue is a Cross-Site Scripting (XSS) vulnerability in Janobe-based School Attendance Monitoring System and School Event Management System (version 1.0). The root cause is untrusted input in the web interface that can be injected via the View parameter in /department/index.php,...
CVE-2024-33982
The CVE-2024-33982 entry corresponds to an XSS flaw in School Attendance Monitoring System v1.0 and School Event Management System v1.0. The vulnerability arises from unsafely handling the StudentID parameter in /AttendanceMonitoring/student/controller.php, enabling an attacker to craft a URL to ...
CVE-2024-33985
CVE-2024-33985 is a Cross-Site Scripting (XSS) vulnerability in Janobe’s School Attendance Monitoring System and School Event Management System (version 1.0). A crafted URL can cause the victim to disclose session cookies via the View parameter in /course/index.php. Documents confirm affected pro...
CVE-2024-33984
CVE-2024-33984 affects School Attendance Monitoring System and School Event Management System v1.0. A Cross-Site Scripting (XSS) flaw exists in the /AttendanceMonitoring/report/index.php endpoint, exploitable via the Attendance, attenddate, and YearLevel parameters to exfiltrate session cookies. ...