6 matches found
CVE-2024-8583
CVE-2024-8583 concerns SourceCodester’s Online Bank Management System (1.0). The vulnerability affects an unknown portion of the file /mfeedback.php in the Feedback Handler, where input manipulation leads to cross-site scripting (XSS). It can be exploited remotely, and public disclosures/poC refe...
CVE-2025-9304
SourceCodester Online Bank Management System 1.0 contains a SQL injection vulnerability in the /bank/show.php function, exploitable by manipulating the ID parameter. The issue is exploitable remotely and an exploit has been published publicly, potentially affecting confidentiality, integrity, and...
CVE-2025-9021
SourceCodester Online Bank Management System up to version 1.0 contains a SQL injection in /bank/transfer.php caused by manipulation of the email parameter. The vulnerability is reported as remotely exploitable, with attack complexity low and no privileges required; CVSS data indicates a high-imp...
CVE-2025-9022
The vulnerability (CVE-2025-9022) affects SourceCodester Online Bank Management System up to version 1.0. The issue is an SQL injection in the /bank/statements.php endpoint, triggered by manipulating the email parameter. This could be exploited remotely, impacting confidentiality, integrity, and ...
CVE-2025-9305
CVE-2025-9305 affects SourceCodester Online Bank Management System 1.0. The vulnerability is a SQL injection in the unknown function of /bank/mnotice.php triggered by manipulating the ID parameter. It is exploitable remotely and exploits have been publicly disclosed. Evidence from multiple source...
CVE-2025-9473
SourceCodester Online Bank Management System 1.0 has a SQL injection in /feedback.php triggered by manipulating the msg parameter. The vulnerability is remote and has public exploit discussion. Multiple sources describe the issue and its impact on confidentiality, integrity, and availability as h...