Lucene search
K
Oretnom23Banking System

5 matches found

CVE
CVE
added 2022/03/30 10:51 p.m.97 views

CVE-2022-26644

The CVE-2022-26644 entry concerns Online Banking System Protect v1.0 with multiple cross-site scripting (XSS) flaws exploitable through parameters on user profile, system_info, and accounts management. This is documented across multiple sources (NVD/Red Hat and PT Security). Root cause is XSS in ...

6.1CVSS6.1AI score0.0064EPSS
CVE
CVE
added 2022/03/30 10:23 p.m.95 views

CVE-2022-26645

CVE-2022-26645 affects Online Banking System Protect v1.0. The Red Hat entry and other corroborating sources describe a remote code execution via a crafted PHP file uploaded through the Upload Image function, enabling arbitrary code execution on the server. Documented impact is high/severe (RCE) ...

9.8CVSS9.8AI score0.0263EPSS
CVE
CVE
added 2022/03/30 10:47 p.m.87 views

CVE-2022-26646

CVE-2022-26646 affects Online Banking System Protect v1.0 via a local file inclusion (LFI) vulnerability driven by the pages parameter. Several connected sources confirm an unauthenticated LFI that can read internal PHP files and, per an exploit reference, enable privilege escalation from a null ...

9.8CVSS9.1AI score0.01273EPSS
CVE
CVE
added 2022/01/24 5:47 p.m.59 views

CVE-2021-41659

CVE-2021-41659 describes a SQL injection in Sourcecodester Banking System v1 (by oretnom23) allowing arbitrary SQL via the username or password fields. The connected PT-2022-11456 entry confirms the affected software and vectors, stating the vulnerability can enable unauthorized access or data ma...

9.8CVSS10AI score0.01254EPSS
CVE
CVE
added 2025/12/08 7:2 a.m.13 views

CVE-2025-14221

CVE-2025-14221 affects SourceCodester Online Banking System 1.0. The vulnerability is a Cross-Site Scripting (XSS) issue in the user profile page, arising from unsanitized input in the First Name/Last Name fields processed by the /?page=user endpoint. Public exploit code indicates a stored XSS va...

5.4CVSS5.4AI score0.00208EPSS