Oretnom23 Simple Online Bidding System

17 matches found

CVE
added 2024/03/01 6:31 p.m., 90 views

CVE-2024-2077

The CVE-2024-2077 entry concerns SourceCodester Simple Online Bidding System 1.0. Affected component: index.php, where manipulating the category_id parameter enables SQL injection. Impact stated as high confidentiality, integrity, and availability risk, with remote exploitation possible and explo...

CVSS 9.8, AI score 6.8, EPSS 0.00658
CVE
added 2024/06/24 3:00 a.m., 60 views

CVE-2024-6280

SourceCodester Simple Online Bidding System 1.0 contains a vulnerability in /admin/ajax.php?action=save_settings where manipulating the img parameter enables unrestricted file upload. The issue is exploitable remotely and has been disclosed publicly. Multiple feeds (NVD, CVE/CVELIST, Red Hat, Vul...

CVSS 9.8, AI score 6.8, EPSS 0.00665
Web
CVE
added 2024/05/16 4:31 a.m., 56 views

CVE-2024-4931

CVE-2024-4931 affects SourceCodester Simple Online Bidding System 1.0. The vulnerability is in the admin endpoint /simple-online-bidding-system/admin/index.php?page=view_udet, where manipulation of the id parameter leads to SQL injection. Attackers can exploit this remotely, and public disclosure...

CVSS 9.8, AI score 7.3, EPSS 0.00596
Web
CVE
added 2024/08/14 11:31 p.m., 55 views

CVE-2024-7799

SourceCodester Simple Online Bidding System 1.0 contains a vulnerability in the file /simple-online-bidding-system/bidding/admin/users.php that leads to improper authorization. The issue can be exploited remotely and a public exploit has been disclosed. Public remediation status is not confirmed ...

CVSS 7.3, AI score 5.4, EPSS 0.00561
CVE
added 2024/05/16 3:31 a.m., 54 views

CVE-2024-4929

SourceCodester Simple Online Bidding System v1.0 has a cross-site request forgery (CSRF) vulnerability in admin/ajax.php?action=save_user. The flaw permits remote initiation and, per the CVE description, an exploit has been disclosed publicly. Multiple sources corroborate that the issue affects a...

CVSS 6.9, AI score 6.7, EPSS 0.00337
Web
CVE
added 2024/05/16 2:31 a.m., 51 views

CVE-2024-4927

CVE-2024-4927 affects SourceCodester Simple Online Bidding System 1.0. The issue resides in an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product, enabling unrestricted file uploads and allowing remote exploitation. Multiple sources note this as a c...

CVSS 9.8, AI score 6.8, EPSS 0.00787
Web
CVE
added 2024/06/30 10:31 p.m., 49 views

CVE-2024-6417

The CVE-2024-6417 entry concerns SourceCodester Simple Online Bidding System 1.0. The vulnerability is a SQL injection in the admin endpoint /admin/ajax.php?action=delete_user triggered by the id parameter. It is described as remote, with public exploit availability. Impact is SQL injection; in t...

CVSS 7.5, AI score 6.9, EPSS 0.00453
Web
CVE
added 2024/08/14 11:31 p.m., 49 views

CVE-2024-7800

This CVE concerns SourceCodester Simple Online Bidding System 1.0. A SQL injection vulnerability exists in the admin endpoint /simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product, triggered by manipulating the id parameter. The issue is exploitable remotely and affects the c...

CVSS 7.5, AI score 6.8, EPSS 0.00442
Web
CVE
added 2024/05/16 4:31 a.m., 48 views

CVE-2024-4932

CVE-2024-4932: Concrete details show a SQL injection in SourceCodester Simple Online Bidding System 1.0. The vulnerability affects the file /simple-online-bidding-system/admin/index.php?page=manage_user where the id parameter manipulation leads to injection. It allows remote exploitation, and th...

CVSS 9.8, AI score 7.3, EPSS 0.00565
Web
CVE
added 2024/08/14 11:00 p.m., 48 views

CVE-2024-7798

CVE-2024-7798 affects SourceCodester Simple Online Bidding System 1.0. The vulnerability exists in the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2, where manipulation of the username parameter leads to SQL injection. It is exploitable remotely and has been disclosed pu...

CVSS 9.8, AI score 7.5, EPSS 0.00698
Web
CVE
added 2024/05/16 3:00 a.m., 47 views

CVE-2024-4928

CVE-2024-4928 affects SourceCodester Simple Online Bidding System v1.0. A SQL injection vulnerability exists in the vulnerable endpoint /simple-online-bidding-system/admin/ajax.php?action=delete_category where manipulating the id parameter can lead to unauthorized data access via SQL injection. E...

CVSS 9.8, AI score 7.3, EPSS 0.00584
Web
CVE
added 2024/05/16 4:00 a.m., 45 views

CVE-2024-4930

The CVE-2024-4930 entry affects SourceCodester Simple Online Bidding System 1.0, with a SQL injection described in the index.php?page=view_prod endpoint due to manipulation of the id parameter. The vulnerability is remote and has been publicly disclosed, implying potential exploitation vectors, t...

CVSS 8.8, AI score 7.5, EPSS 0.0052
Web
CVE
added 2024/08/14 11:00 p.m., 45 views

CVE-2024-7797

CVE-2024-7797 affects SourceCodester Simple Online Bidding System v1.0. The vulnerability resides in an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login, where manipulation of the username parameter leads to SQL injection. It can be exploited remotely...

CVSS 9.8, AI score 7.5, EPSS 0.00661
Web
CVE
added 2024/05/16 5:00 a.m., 44 views

CVE-2024-4933

CVE-2024-4933 affects SourceCodester Simple Online Bidding System 1.0, with a SQL injection in the admin page: /simple-online-bidding-system/admin/index.php?page=manage_product where the parameter id can be manipulated. The vulnerability is exploitable remotely and has been disclosed publicly. Va...

CVSS 9.8, AI score 7.3, EPSS 0.00584
Web
CVE
added 2024/08/18 7:31 p.m., 42 views

CVE-2024-7911

CVE-2024-7911 concerns SourceCodester Simple Online Bidding System 1.0. The vulnerability resides in an unknown part of the file /simple-online-bidding-system/bidding/index.php, where manipulating the parameter page leads to file inclusion. It is exploitable remotely and the exploit has been disc...

CVSS 9.8, AI score 6.9, EPSS 0.00749
Web
CVE
added 2024/05/28 11:31 p.m., 35 views

CVE-2024-5437

Affected software: SourceCodester Simple Online Bidding System 1.0. The vulnerability is in the save_category function (file /admin/index.php?page=categories) where manipulating the argument name triggers cross-site scripting (XSS). Exploitation is possible remotely and publicly disclosed (VDB-26...

CVSS 6.1, AI score 6.2, EPSS 0.00447
Web
CVE
added 2024/05/28 1:31 p.m., 30 views

CVE-2024-5428

The CVE-2024-5428 entry applies to SourceCodester Simple Online Bidding System 1.0. The vulnerability is in the HTTP POST Request Handler, specifically the save_product function in /admin/index.php?page=manage_product, where a cross-site request forgery (CSRF) can be triggered remotely. Credible ...

CVSS 6.9, AI score 7.1, EPSS 0.00335