7 matches found
CVE-2024-5121
SourceCodester Event Registration System 1.0 contains a cross-site scripting vulnerability in the /registrar/?page=registration endpoint, caused by unsafe handling of the e parameter. The vulnerability is exploitable remotely and has been publicly disclosed. Several sources confirm the issue, inc...
CVE-2024-5118
CVE-2024-5118 affects SourceCodester Event Registration System 1.0. The vulnerability is in the /admin/login.php login logic where manipulating the username and password parameters leads to an SQL injection. It is described as remote, with public exposure (exploit disclosed). Multiple connected s...
CVE-2024-5119
SourceCodester Event Registration System 1.0 contains a SQL injection in /classes/Master.php?f=load_registration where the last_id/event_id parameter is manipulated. The issue is triggered by unsafely handling user input, allowing remote exploitation; multiple sources (NVD and CVE listings) confi...
CVE-2024-5123
The CVE-2024-5123 entry concerns SourceCodester Event Registration System 1.0. A vulnerability in the /registrar/ area is triggered by manipulating the searchbar argument, resulting in cross-site scripting (XSS). The issue is exploitable remotely, and public disclosure exists (VDB-265203). Severa...
CVE-2024-5117
CVE-2024-5117 affects SourceCodester Event Registration System 1.0, with an SQL Injection in portal.php triggered by manipulating username/password. Root cause: unsanitized input in portal.php allows remote attacker to exploit SQL queries. Impact: high (C, I, A implications in CVSS), potential re...
CVE-2024-5120
CVE-2024-5120 affects SourceCodester Event Registration System 1.0. The vulnerability is an SQL injection in the file /registrar/?page=registration via the e parameter. It can be exploited remotely, and public disclosures exist. Connected sources corroborate an unknown function in the endpoint as...
CVE-2024-5122
The CVE-2024-5122 entry concerns SourceCodester Event Registration System 1.0 where the /registrar/ endpoint’s search parameter is susceptible to SQL injection. The root cause is a manipulated search argument leading to SQL injection, allowing remote exploitation (attack vector: network; no user ...