5 matches found
CVE-2022-26644
The CVE-2022-26644 entry concerns Online Banking System Protect v1.0 with multiple cross-site scripting (XSS) flaws exploitable through parameters on user profile, system_info, and accounts management. This is documented across multiple sources (NVD/Red Hat and PT Security). Root cause is XSS in ...
CVE-2022-26645
CVE-2022-26645 affects Online Banking System Protect v1.0. The Red Hat entry and other corroborating sources describe a remote code execution via a crafted PHP file uploaded through the Upload Image function, enabling arbitrary code execution on the server. Documented impact is high/severe (RCE) ...
CVE-2022-26646
CVE-2022-26646 affects Online Banking System Protect v1.0 via a local file inclusion (LFI) vulnerability driven by the pages parameter. Several connected sources confirm an unauthenticated LFI that can read internal PHP files and, per an exploit reference, enable privilege escalation from a null ...
CVE-2021-41659
CVE-2021-41659 describes a SQL injection in Sourcecodester Banking System v1 (by oretnom23) allowing arbitrary SQL via the username or password fields. The connected PT-2022-11456 entry confirms the affected software and vectors, stating the vulnerability can enable unauthorized access or data ma...
CVE-2025-14221
CVE-2025-14221 affects SourceCodester Online Banking System 1.0. The vulnerability is a Cross-Site Scripting (XSS) issue in the user profile page, arising from unsanitized input in the First Name/Last Name fields processed by the /?page=user endpoint. Public exploit code indicates a stored XSS va...