27 matches found
CVE-2023-3176
CVE-2023-3176 affects SourceCodester Lost and Found Information System 1.0. The vulnerability is an SQL injection in the admin\user\manage_user.php function, triggered by manipulating the id parameter. It can be exploited remotely and the exploit has been publicly disclosed. Affected component is...
CVE-2023-3177
CVE-2023-3177 affects SourceCodester Lost and Found Information System 1.0. Affected component: admin/inquiries/view_inquiry.php. Root cause: SQL injection due to improper handling of input in that file, enabling remote exploitation. Exploitability is high; attack vector is network with no user i...
CVE-2023-2652
CVE-2023-2652 affects SourceCodester Lost and Found Information System 1.0. The vulnerability is an SQL injection in an unknown function of the file /classes/Master.php?f=delete_item, enabling remote exploitation with no user interaction. Several connected entries corroborate the issue; CVSS metr...
CVE-2023-3679
The CVE concerns SourceCodester Lost and Found Information System 1.0. Affected component: the HTTP POST Request Handler, specifically the file /classes/Master.php?f=save_inquiry. The vulnerability arises from manipulating the argument id, leading to SQL injection that can be triggered remotely. ...
CVE-2023-2698
SourceCodester Lost and Found Information System 1.0 has a SQL injection vulnerability in the GET Parameter Handler at admin/?page=items/manage_item via the id parameter. The issue is exploitable remotely, with public disclosure of exploits. Multiple sources (NVD, Red Hat advisory, CVE lists, and...
CVE-2023-33676
Sourcecodester Lost and Found Information System, Version 1.0, is vulnerable to unauthenticated SQL injection in the endpoint /items/view (parameter id) via the query string ?page=items/view&id=*, which can escalate to remote command execution. Affected software/component: Sourcecodester Lost and...
CVE-2023-2699
CVE-2023-2699 affects SourceCodester Lost and Found Information System 1.0. The vulnerability is an SQL injection in the GET parameter handler for admin/?page=items/view_item, caused by unsafely constructed SQL with the id argument. Exploitation can be remote; CVSS metrics in the initial data ind...
CVE-2024-37856
CVE-2024-37856 : A stored XSS in Lost and Found Information System 1.0 affects the users’ profile fields (first, last, middle name) on the User Profile page, enabling a remote attacker to escalate privileges. The vulnerability is triggered via input into profile name fields and has been demonstra...
CVE-2023-3850
The CVE-2023-3850 entry concerns SourceCodester Lost and Found Information System 1.0. A vulnerability exists in the HTTP POST handler, specifically the /classes/Master.php?f=delete_category endpoint, where manipulating the id parameter leads to SQL injection. Affected functionality is an unknown...
CVE-2023-3018
CVE-2023-3018 pertains to the SourceCodester Lost and Found Information System 1.0. The vulnerability affects the endpoint /admin/?page=user/list, where improper access controls allow remote manipulation, enabling privilege escalation to access admin functionalities. Multiple connected sources co...
CVE-2023-2668
CVE-2023-2668 affects SourceCodester Lost and Found Information System 1.0. The vulnerability resides in the GET Parameter Handler, specifically the function manager_category at admin/?page=categories/manage_category, where unsafely handling the id parameter enables SQL injection. The issue can b...
CVE-2023-3680
CVE-2023-3680 affects SourceCodester Lost and Found Information System 1.0. A SQL injection vulnerability exists in the HTTP POST Request Handler, specifically in /classes/Master.php?f=save_item via the id parameter. Exploitation could be remote and impact confidentiality, integrity, and availabi...
CVE-2024-37858
CVE-2024-37858 describes an SQL injection in Lost and Found Information System 1.0. The vulnerability exists in the id parameter of php-lfis/admin/categories/manage_category.php, enabling a remote attacker to escalate privileges. Public references indicate an unauthenticated, blind time-based SQL...
CVE-2024-37859
CVE-2024-37859 affects Lost and Found Information System version 1.0. The vulnerability is a Cross Site Scripting flaw exposed via the page parameter to php-lfis/admin/index.php, enabling a remote attacker to escalate privileges. The exploitation details and affected endpoint are corroborated by ...
CVE-2023-2653
CVE-2023-2653 affects SourceCodester Lost and Found Information System 1.0. The vulnerability is a SQL injection in the file items/index.php triggered by manipulating the cid parameter, allowing remote exploitation. Public exploit/disclosure is noted. Multiple connected sources corroborate the is...
CVE-2023-2670
CVE-2023-2670 affects SourceCodester Lost and Found Information System v1.0, with an improper access control issue in the admin/?page=user/manage_user path. The vulnerability enables remote exploitation and is conditioned on unknown code, with the exploit publicly disclosed (VDB-228886). Multiple...
CVE-2023-2672
CVE-2023-2672 affects SourceCodester Lost and Found Information System 1.0, specifically the file items/view.php’s GET parameter handler. The vulnerability arises from improper handling of the id parameter, enabling SQL injection that can be triggered remotely. Public exploits have been disclosed...
CVE-2023-3017
CVE-2023-3017 affects SourceCodester Lost and Found Information System 1.0, specifically the Manage User Page endpoint (admin/?page=user/manage_user). The issue is a basic cross-site scripting (XSS) vulnerability arising from manipulation of the First Name/Middle Name/Last Name fields, reported a...
CVE-2024-37857
CVE-2024-37857 describes a SQL Injection in Lost and Found Information System 1.0 . The vulnerability is triggered via the id parameter to php-lfis/admin/categories/view_category.php , enabling a remote attacker to escalate privileges. Documented characteristics (CVSS v3.1: Network, Privileges Re...
CVE-2023-2667
CVE-2023-2667 affects SourceCodester Lost and Found Information System 1.0. The vulnerability arises from cross-site scripting in the admin/ functionality triggered by manipulating the page parameter. It is described as exploitable remotely, with public disclosure of the exploit. Multiple connect...
CVE-2023-2669
SourceCodester Lost and Found Information System 1.0 contains a SQL injection in the GET Parameter Handler, specifically the admin/?page=categories/view_category path, where manipulating the id parameter enables remote exploitation. Multiple connected sources confirm the flaw, its exploitation ma...
CVE-2023-33592
Summary (CVE-2023-33592) : The Lost and Found Information System v1.0 contains a SQL injection vulnerability in the web admin page at /php-lfis/admin/?page=system_info/contact_information. This is the underlying issue disclosed across multiple sources; the CVSS v3.1 base score is 9.8 (CRITICAL) w...
CVE-2023-33677
CVE-2023-33677 affects Sourcecodester Lost and Found Information System v1.0. The vulnerability is an unauthenticated SQL Injection exposed at the API endpoint ?page=items/view&id=. The root cause is improper input handling for the id parameter, allowing crafted input to influence database querie...
CVE-2023-2671
CVE-2023-2671 affects SourceCodester Lost and Found Information System v1.0. The vulnerability is in the Contact Form component, specifically the file classes/Master.php?f=save_inquiry, where manipulation of the fullname, contact, or message parameters leads to cross-site scripting (XSS). The att...
CVE-2023-36159
CVE-2023-36159 affects sourcecodester Lost and Found Information System 1.0. It is a Cross Site Scripting (XSS) vulnerability exploitable via the First Name, Middle Name, and Last Name fields on the Create User page. Root cause: insufficient input validation/sanitization. Impact: remote attackers...
CVE-2023-38965
CVE-2023-38965 affects Lost and Found Information System v1.0. The vulnerability is an insecure direct object reference at the API endpoint /classes/Users.php?f=save, which allows account takeover by supplying a crafted username and password (IDOR). Public references include Exploit-DB and Packet...
CVE-2023-5018
SourceCodester Lost and Found Information System 1.0 has a SQL injection in the POST Parameter Handler, specifically via the id parameter in /classes/Master.php?f=save_category. The issue is triggered by manipulating id, enabling remote exploitation and impacting confidentiality, integrity, and a...