Lucene search
K
Oretnom23Lost And Found Information System

27 matches found

CVE
CVE
added 2023/06/09 5:31 a.m.148 views

CVE-2023-3176

CVE-2023-3176 affects SourceCodester Lost and Found Information System 1.0. The vulnerability is an SQL injection in the admin\user\manage_user.php function, triggered by manipulating the id parameter. It can be exploited remotely and the exploit has been publicly disclosed. Affected component is...

8.8CVSS7.8AI score0.00728EPSS
CVE
CVE
added 2023/06/09 6:0 a.m.148 views

CVE-2023-3177

CVE-2023-3177 affects SourceCodester Lost and Found Information System 1.0. Affected component: admin/inquiries/view_inquiry.php. Root cause: SQL injection due to improper handling of input in that file, enabling remote exploitation. Exploitability is high; attack vector is network with no user i...

8.8CVSS7.3AI score0.00728EPSS
CVE
CVE
added 2023/05/11 8:31 a.m.134 views

CVE-2023-2652

CVE-2023-2652 affects SourceCodester Lost and Found Information System 1.0. The vulnerability is an SQL injection in an unknown function of the file /classes/Master.php?f=delete_item, enabling remote exploitation with no user interaction. Several connected entries corroborate the issue; CVSS metr...

9.8CVSS8.4AI score0.00726EPSS
Web
CVE
CVE
added 2023/07/15 8:31 a.m.66 views

CVE-2023-3679

The CVE concerns SourceCodester Lost and Found Information System 1.0. Affected component: the HTTP POST Request Handler, specifically the file /classes/Master.php?f=save_inquiry. The vulnerability arises from manipulating the argument id, leading to SQL injection that can be triggered remotely. ...

9.8CVSS8.2AI score0.00418EPSS
Web
CVE
CVE
added 2023/05/14 11:31 a.m.63 views

CVE-2023-2698

SourceCodester Lost and Found Information System 1.0 has a SQL injection vulnerability in the GET Parameter Handler at admin/?page=items/manage_item via the id parameter. The issue is exploitable remotely, with public disclosure of exploits. Multiple sources (NVD, Red Hat advisory, CVE lists, and...

9.8CVSS8.4AI score0.0082EPSS
Web
CVE
CVE
added 2024/03/07 12:0 a.m.60 views

CVE-2023-33676

Sourcecodester Lost and Found Information System, Version 1.0, is vulnerable to unauthenticated SQL injection in the endpoint /items/view (parameter id) via the query string ?page=items/view&id=*, which can escalate to remote command execution. Affected software/component: Sourcecodester Lost and...

8.4CVSS8.4AI score0.00672EPSS
Web
CVE
CVE
added 2023/05/14 12:0 p.m.59 views

CVE-2023-2699

CVE-2023-2699 affects SourceCodester Lost and Found Information System 1.0. The vulnerability is an SQL injection in the GET parameter handler for admin/?page=items/view_item, caused by unsafely constructed SQL with the id argument. Exploitation can be remote; CVSS metrics in the initial data ind...

9.8CVSS8.2AI score0.0082EPSS
Web
CVE
CVE
added 2024/07/29 12:0 a.m.59 views

CVE-2024-37856

CVE-2024-37856 : A stored XSS in Lost and Found Information System 1.0 affects the users’ profile fields (first, last, middle name) on the User Profile page, enabling a remote attacker to escalate privileges. The vulnerability is triggered via input into profile name fields and has been demonstra...

5.4CVSS6.5AI score0.00351EPSS
CVE
CVE
added 2023/07/23 10:0 a.m.58 views

CVE-2023-3850

The CVE-2023-3850 entry concerns SourceCodester Lost and Found Information System 1.0. A vulnerability exists in the HTTP POST handler, specifically the /classes/Master.php?f=delete_category endpoint, where manipulating the id parameter leads to SQL injection. Affected functionality is an unknown...

9.8CVSS8.3AI score0.00418EPSS
Web
CVE
CVE
added 2023/05/31 2:31 p.m.56 views

CVE-2023-3018

CVE-2023-3018 pertains to the SourceCodester Lost and Found Information System 1.0. The vulnerability affects the endpoint /admin/?page=user/list, where improper access controls allow remote manipulation, enabling privilege escalation to access admin functionalities. Multiple connected sources co...

8.8CVSS7.6AI score0.00735EPSS
Web
CVE
CVE
added 2023/05/12 7:0 a.m.55 views

CVE-2023-2668

CVE-2023-2668 affects SourceCodester Lost and Found Information System 1.0. The vulnerability resides in the GET Parameter Handler, specifically the function manager_category at admin/?page=categories/manage_category, where unsafely handling the id parameter enables SQL injection. The issue can b...

9.8CVSS8.2AI score0.00819EPSS
Web
CVE
CVE
added 2023/07/15 9:0 a.m.55 views

CVE-2023-3680

CVE-2023-3680 affects SourceCodester Lost and Found Information System 1.0. A SQL injection vulnerability exists in the HTTP POST Request Handler, specifically in /classes/Master.php?f=save_item via the id parameter. Exploitation could be remote and impact confidentiality, integrity, and availabi...

9.8CVSS8.3AI score0.00418EPSS
Web
CVE
CVE
added 2024/07/29 12:0 a.m.55 views

CVE-2024-37858

CVE-2024-37858 describes an SQL injection in Lost and Found Information System 1.0. The vulnerability exists in the id parameter of php-lfis/admin/categories/manage_category.php, enabling a remote attacker to escalate privileges. Public references indicate an unauthenticated, blind time-based SQL...

9.8CVSS8AI score0.00865EPSS
Web
CVE
CVE
added 2024/07/29 12:0 a.m.54 views

CVE-2024-37859

CVE-2024-37859 affects Lost and Found Information System version 1.0. The vulnerability is a Cross Site Scripting flaw exposed via the page parameter to php-lfis/admin/index.php, enabling a remote attacker to escalate privileges. The exploitation details and affected endpoint are corroborated by ...

6.1CVSS6.8AI score0.00467EPSS
Web
CVE
CVE
added 2023/05/11 8:31 a.m.52 views

CVE-2023-2653

CVE-2023-2653 affects SourceCodester Lost and Found Information System 1.0. The vulnerability is a SQL injection in the file items/index.php triggered by manipulating the cid parameter, allowing remote exploitation. Public exploit/disclosure is noted. Multiple connected sources corroborate the is...

9.8CVSS8.3AI score0.00726EPSS
Web
CVE
CVE
added 2023/05/12 8:0 a.m.52 views

CVE-2023-2670

CVE-2023-2670 affects SourceCodester Lost and Found Information System v1.0, with an improper access control issue in the admin/?page=user/manage_user path. The vulnerability enables remote exploitation and is conditioned on unknown code, with the exploit publicly disclosed (VDB-228886). Multiple...

8.8CVSS7.6AI score0.00799EPSS
Web
CVE
CVE
added 2023/05/12 9:0 a.m.52 views

CVE-2023-2672

CVE-2023-2672 affects SourceCodester Lost and Found Information System 1.0, specifically the file items/view.php’s GET parameter handler. The vulnerability arises from improper handling of the id parameter, enabling SQL injection that can be triggered remotely. Public exploits have been disclosed...

9.8CVSS8.4AI score0.00763EPSS
Web
CVE
CVE
added 2023/05/31 2:31 p.m.52 views

CVE-2023-3017

CVE-2023-3017 affects SourceCodester Lost and Found Information System 1.0, specifically the Manage User Page endpoint (admin/?page=user/manage_user). The issue is a basic cross-site scripting (XSS) vulnerability arising from manipulation of the First Name/Middle Name/Last Name fields, reported a...

5.4CVSS4.3AI score0.00552EPSS
Web
CVE
CVE
added 2024/07/29 12:0 a.m.52 views

CVE-2024-37857

CVE-2024-37857 describes a SQL Injection in Lost and Found Information System 1.0 . The vulnerability is triggered via the id parameter to php-lfis/admin/categories/view_category.php , enabling a remote attacker to escalate privileges. Documented characteristics (CVSS v3.1: Network, Privileges Re...

8.8CVSS8AI score0.00869EPSS
CVE
CVE
added 2023/05/12 6:31 a.m.51 views

CVE-2023-2667

CVE-2023-2667 affects SourceCodester Lost and Found Information System 1.0. The vulnerability arises from cross-site scripting in the admin/ functionality triggered by manipulating the page parameter. It is described as exploitable remotely, with public disclosure of the exploit. Multiple connect...

6.1CVSS4.5AI score0.00661EPSS
Web
CVE
CVE
added 2023/05/12 7:31 a.m.50 views

CVE-2023-2669

SourceCodester Lost and Found Information System 1.0 contains a SQL injection in the GET Parameter Handler, specifically the admin/?page=categories/view_category path, where manipulating the id parameter enables remote exploitation. Multiple connected sources confirm the flaw, its exploitation ma...

9.8CVSS8.3AI score0.00819EPSS
Web
CVE
CVE
added 2023/06/28 12:0 a.m.50 views

CVE-2023-33592

Summary (CVE-2023-33592) : The Lost and Found Information System v1.0 contains a SQL injection vulnerability in the web admin page at /php-lfis/admin/?page=system_info/contact_information. This is the underlying issue disclosed across multiple sources; the CVSS v3.1 base score is 9.8 (CRITICAL) w...

9.8CVSS9.8AI score0.02519EPSS
Web
CVE
CVE
added 2024/03/06 12:0 a.m.50 views

CVE-2023-33677

CVE-2023-33677 affects Sourcecodester Lost and Found Information System v1.0. The vulnerability is an unauthenticated SQL Injection exposed at the API endpoint ?page=items/view&id=. The root cause is improper input handling for the id parameter, allowing crafted input to influence database querie...

7.5CVSS8.1AI score0.00404EPSS
Web
CVE
CVE
added 2023/05/12 8:31 a.m.47 views

CVE-2023-2671

CVE-2023-2671 affects SourceCodester Lost and Found Information System v1.0. The vulnerability is in the Contact Form component, specifically the file classes/Master.php?f=save_inquiry, where manipulation of the fullname, contact, or message parameters leads to cross-site scripting (XSS). The att...

6.1CVSS4.5AI score0.00633EPSS
Web
CVE
CVE
added 2023/08/03 12:0 a.m.46 views

CVE-2023-36159

CVE-2023-36159 affects sourcecodester Lost and Found Information System 1.0. It is a Cross Site Scripting (XSS) vulnerability exploitable via the First Name, Middle Name, and Last Name fields on the Create User page. Root cause: insufficient input validation/sanitization. Impact: remote attackers...

6.1CVSS6AI score0.00645EPSS
CVE
CVE
added 2023/11/03 12:0 a.m.42 views

CVE-2023-38965

CVE-2023-38965 affects Lost and Found Information System v1.0. The vulnerability is an insecure direct object reference at the API endpoint /classes/Users.php?f=save, which allows account takeover by supplying a crafted username and password (IDOR). Public references include Exploit-DB and Packet...

9.8CVSS9.4AI score0.01264EPSS
Web
CVE
CVE
added 2023/09/17 3:31 a.m.39 views

CVE-2023-5018

SourceCodester Lost and Found Information System 1.0 has a SQL injection in the POST Parameter Handler, specifically via the id parameter in /classes/Master.php?f=save_category. The issue is triggered by manipulating id, enabling remote exploitation and impacting confidentiality, integrity, and a...

9.8CVSS7.4AI score0.00425EPSS
Web