34 matches found
CVE-2022-36728
CVE-2022-36728 affects Library Management System v1.0. The vulnerability is a SQL injection in the RollNo parameter of /staff/delstu.php. Root cause: improper handling of input leading to SQL injection. Impact is aligned with high/critical severity in the supplied metrics. Affected product/versio...
CVE-2022-36725
CVE-2022-36725 affects Library Management System v1.0, where a SQL injection vulnerability exists in the M_Id parameter of the /student/dele.php endpoint. The NVD entry reports a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no user interaction, and high impact on confidentia...
CVE-2022-36729
CVE-2022-36729 affects Library Management System v1.0, where a SQL injection is exposed via the M_Id parameter in /librarian/del.php. The vulnerability stems from unsafely handling the M_Id input, enabling attacker-controlled SQL execution. The CVSS 3.1 data in the initial record indicates a crit...
CVE-2022-2214
Overview: CVE-2022-2214 affects the SourceCodester Library Management System 1.0. Vulnerability: SQL injection in the /librarian/bookdetails.php endpoint via the id parameter (e.g., ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB ), allowing remote attacker input to alter SQL logic. Impact...
CVE-2022-36719
The CVE-2022-36719 entry concerns Library Management System v1.0 with a SQL injection in the ok parameter of /admin/history.php. The user-facing impact is high (CVE metrics show CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and the vulnerability could allow remote exploitation without user inter...
CVE-2022-36709
CVE-2022-36709 affects Library Management System v1.0. A SQL injection vulnerability exists in the id parameter of /staff/edit_book_details.php. The NVD entry lists CVSS 3.1 base score 9.8 (CRITICAL) with network exposure, no privileges required, and no user interaction, impacting confidentiality...
CVE-2020-28073
CVE-2020-28073 affects SourceCodester Library Management System 1.0. The vulnerability is a SQL injection in the login/authentication flow that allows an attacker to bypass authentication and impersonate any user. The attack is demonstrated in public references (e.g., PacketStorm) with a repro sh...
CVE-2022-36711
CVE-2022-36711 affects Library Management System v1.0, where a SQL injection vulnerability exists via the id parameter on the /staff/bookdetails.php endpoint. The root cause is unsanitized input leading to potential unauthorized data access or manipulation, with the CVSS 3.1 base metrics indicati...
CVE-2022-36715
CVE-2022-36715 affects Library Management System v1.0, with a SQL injection vulnerability exposed through the name parameter in /admin/search.php. The issue, as described in the CVE records and corroborating sources, indicates that unsanitized input allows attacker-controlled SQL execution, posin...
CVE-2022-2491
CVE-2022-2491 affects SourceCodester Library Management System 1.0 (lab.php). A SQL injection is triggered by manipulating the Section argument with the input 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71716b7171,0x546e4444736b7743575a666d4873746a6450616261527a6762794442694650724566414...
CVE-2022-2492
The connected documents confirm a SQL injection vulnerability in SourceCodester Library Management System 1.0, specifically via the RollNo parameter in /index.php. The input (e.g., admin' AND (SELECT 2625 FROM (SELECT(SLEEP(5)))MdIL) AND 'KXmq'='KXmq) can be injected to manipulate the query, enab...
CVE-2022-36730
CVE-2022-36730 affects Library Management System v1.0, with a SQL injection vulnerability in the /librarian/delete.php endpoint exposed via the bookId parameter. The root cause is unsanitized input leading to SQL injection, enabling an attacker to potentially read/modify data or impact availabili...
CVE-2022-2212
CVE-2022-2212 affects SourceCodester Library Management System 1.0, specifically the /card/index.php component. The vulnerability arises from lack of validation of the image parameter during file upload, enabling unrestricted file uploads. This could allow remote attackers to upload malicious fil...
CVE-2022-36712
CVE-2022-36712 pertains to Library Management System v1.0, where the vulnerability is a SQL injection via the id parameter in the endpoint /staff/studentdetails.php. The connected documents consistently describe the issue as an input-injection flaw that could affect data confidentiality, integrit...
CVE-2022-36657
CVE-2022-36657 affects Library Management System v1.0. The vulnerability is a cross-site scripting (XSS) flaw in the component /librarian/edit_book_details.php. Root cause details are not fully specified in the provided documents. Potential impact is XSS in the user context; no exploitation detai...
CVE-2022-36716
CVE-2022-36716 affects Library Management System v1.0, with a disclosed SQL injection in the id parameter of /admin/changestock.php. The root cause is unsanitized input leading to query manipulation. The CVSS 3.1 vector indicates critical severity (CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ...
CVE-2022-36722
CVE-2022-36722 affects Library Management System v1.0, where a SQL injection can be triggered via the title parameter in /librarian/history.php. Root cause: improper handling of the title input allowing SQL manipulation, leading to potential unauthorized data access and tampering. Impact (per CVS...
CVE-2022-37794
CVE-2022-37794 affects Library Management System 1.0. The /card/in-card.php endpoint with the id_no parameter is vulnerable to SQL injection due to unsafeguarded input handling, enabling potential impact to confidentiality, integrity, and availability (per NVD: CVSS 3.1 base score 9.8). No remedi...
CVE-2022-2213
The CVE-2022-2213 entry concerns SourceCodester Library Management System 1.0. Affects the admin/edit_admin_details.php?id=admin function, where manipulating the Name parameter enables cross-site scripting (XSS). The vulnerability is exploitable remotely and the exploit has been published publicl...
CVE-2022-36721
CVE-2022-36721 affects Library Management System v1.0. It is a SQL injection vulnerability in the Textbook parameter handled at /admin/modify.php. The CVSS‑3.1 base score is 8.8 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: LOW, and impacts to Confidentiality, Int...
CVE-2022-36727
CVE-2022-36727 affects Library Management System v1.0, where a SQL injection vulnerability exists in the /staff/delete.php endpoint via the bookId parameter. The vulnerability exposes potential disclosure, modification, and disruption of data (per the CVSS 3.1 base score of 9.8, with HIGH confide...
CVE-2022-2774
CVE-2022-2774: A SQL injection in SourceCodester Library Management System affects the librarian/student.php file via manipulation of the title parameter. The vulnerability is described as critical with remote exploitation capability. The available documents consistently report SQL injection as t...
CVE-2022-36735
CVE-2022-36735 affects Library Management System v1.0. A SQL injection vulnerability exists in the /admin/delete.php endpoint via the bookId parameter, enabling attacker-controlled input to influence SQL queries. The CVSSv3.1 impact metrics indicate a CRITICAL severity (9.8) with network attack v...
CVE-2018-18796
The CVE-2018-18796 entry corresponds to a SQL Injection vulnerability in Library Management System 1.0, exploitable via the frmListBooks/Search for Books path. Public details show the vulnerability arises from unsafe SQL construction in the frmListBooks flow (e.g., textSearch input), with PoC and...
CVE-2022-36708
The CVE-2022-36708 entry affects Library Management System v1.0. A SQL injection vulnerability exists in the Id parameter of /student/bookdetails.php, enabling an attacker to execute arbitrary SQL queries remotely without authentication. The issue is categorized as high impact (C, I, A) with netw...
CVE-2022-36714
CVE-2022-36714 affects Library Management System v1.0, with a SQL injection vulnerability in the Section parameter of /staff/lab.php. The issue is confirmed by multiple sources; CVSS 3.1 base score 9.8 (critical) with NETWORK attack vector, no user interaction, and impact to confidentiality, inte...
CVE-2022-36734
CVE-2022-36734 affects Library Management System v1.0 via a SQL injection in the RollNo parameter handled by /admin/delstu.php. The NVD entry lists a critical CVSS v3.1 score (9.8) with network attack vector and high impacts on confidentiality, integrity, and availability; no exploitation details...
CVE-2022-36704
Summary: CVE-2022-36704 affects Library Management System v1.0, with a SQL injection flaw exploitable via the Id parameter in /librarian/studentdetails.php. Root cause: unsanitized input leading to arbitrary SQL execution. Impact is stated as high in CVSS (CONF: HIGH, INTEG: HIGH, AVAIL: HIGH; sc...
CVE-2022-36720
CVE-2022-36720 affects Library Management System v1.0, with a SQL injection vulnerability in the id parameter of /admin/modify1.php. The CVSS v3.1 vector indicates a network-attackable, low-privileges, no user interaction, with high impact on confidentiality, integrity, and availability (8.8 base...
CVE-2022-36732
CVE-2022-36732 affects Library Management System v1.0, with a SQL injection in the id parameter of /librarian/dele.php. The vulnerability is confirmed across multiple sources in the connected set, and the NVD entry lists a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no user...
CVE-2022-36713
CVE-2022-36713 affects Library Management System v1.0, where a SQL injection can be triggered via the Section parameter in /librarian/lab.php. The CVE is substantiated across multiple feeds, with CVSS v3.1 base score 9.8 (CRITICAL) and impact on confidentiality, integrity, and availability (all H...
CVE-2022-36731
The CVE-2022-36731 entry concerns Library Management System v1.0 with a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php. Affects the library management software’s input handling for RollNo, enabling potentially unauthenticated access to manipulate queries. CVSS 3.1 m...
CVE-2022-36733
CVE-2022-36733 affects Library Management System v1.0, with a SQL injection vulnerability exploitable via the M_Id parameter at /admin/del.php. Multiple sources (NVD, Red Hat, PRION/PT-Protection, CNNVD) confirm a high-severity issue (CVSS v3.1: 9.8, network/low complexity, no privileges required...
CVE-2022-2768
CVE-2022-2768: Cross-site scripting in SourceCodester Library Management System, triggered by manipulation of the error argument in the file /qr/I/ (unknown code path). Exploitation is described as remote. Multiple sources (NVD, Red Hat, CVE listings, PRION/PT-Security) consistently identify this...