5 matches found
CVE-2023-24199
CVE-2023-24199 affects Raffle Draw System v1.0 with a SQL injection vulnerability in the delete_ticket.php page through the id parameter. The CVSS v3.1 base score is 9.8 (CRITICAL) with network attack-vector, no user interaction, and no privileges required; impact to confidentiality, integrity, a...
CVE-2023-24202
CVE-2023-24202 affects Raffle Draw System v1.0, whose vulnerability is a local file inclusion (LFI) via the page parameter in index.php. The cited sources consistently describe an LFI issue that could allow an attacker to access or include local files, potentially leading to data exposure or code...
CVE-2023-24200
CVE-2023-24200 affects Raffle Draw System v1.0. The vulnerability is a SQL injection via the id parameter in save_ticket.php, with affected component/entry point identified in multiple sources. According to CVSS 3.1 metrics, it is a CRITICAL (9.8) impact across confidentiality, integrity, and ava...
CVE-2023-24198
CVE-2023-24198 affects Raffle Draw System v1.0 through multiple SQL injection flaws in save_winner.php, exploitable via the ticket_id and draw parameters. The underlying cause is unsafe SQL construction for these inputs, leading to potential data disclosure, modification, or denial of service (pe...
CVE-2023-24201
CVE-2023-24201 affects Raffle Draw System v1.0. The connected documents confirm a SQL injection vulnerability exploitable via the id parameter in get_ticket.php, leading to high-severity impact across confidentiality, integrity, and availability (CVSS v3.1: 9.8, NETWORK, NONE/LOW conditions). The...