Oretnom23 Security Vulnerabilities

CVE-2023-38965

Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save...

CVE-2023-46435

Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via...

CVE-2022-37796

In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site...

CVE-2021-44653

Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the...

CVE-2023-24200

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVE-2021-45252

Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this...

CVE-2023-24202

Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in...

CVE-2023-24201

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVE-2023-24199

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVE-2023-24198

Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw...

CVE-2023-31704

Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's...

CVE-2023-31857

Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is...

CVE-2023-34581

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in...

CVE-2022-45033

A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text...

CVE-2023-44048

Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add...

CVE-2023-30415

Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVE-2023-43457

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/...

CVE-2023-43456

Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user...

CVE-2023-36159

Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User...

CVE-2023-33592

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component...

CVE-2022-3015

A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2022-3012

A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The...

CVE-2022-2686

A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The...