17 matches found
CVE-2024-2077
The CVE-2024-2077 entry concerns SourceCodester Simple Online Bidding System 1.0. Affected component: index.php, where manipulating the category_id parameter enables SQL injection. Impact stated as high confidentiality, integrity, and availability risk, with remote exploitation possible and explo...
CVE-2024-6280
SourceCodester Simple Online Bidding System 1.0 contains a vulnerability in /admin/ajax.php?action=save_settings where manipulating the img parameter enables unrestricted file upload. The issue is exploitable remotely and has been disclosed publicly. Multiple feeds (NVD, CVE/CVELIST, Red Hat, Vul...
CVE-2024-4931
CVE-2024-4931 affects SourceCodester Simple Online Bidding System 1.0. The vulnerability is in the admin endpoint /simple-online-bidding-system/admin/index.php?page=view_udet, where manipulation of the id parameter leads to SQL injection. Attackers can exploit this remotely, and public disclosure...
CVE-2024-7799
SourceCodester Simple Online Bidding System 1.0 contains a vulnerability in the file /simple-online-bidding-system/bidding/admin/users.php that leads to improper authorization. The issue can be exploited remotely and a public exploit has been disclosed. Public remediation status is not confirmed ...
CVE-2024-4929
SourceCodester Simple Online Bidding System v1.0 has a cross-site request forgery (CSRF) vulnerability in admin/ajax.php?action=save_user. The flaw permits remote initiation and, per the CVE description, an exploit has been disclosed publicly. Multiple sources corroborate that the issue affects a...
CVE-2024-4927
CVE-2024-4927 affects SourceCodester Simple Online Bidding System 1.0. The issue resides in an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product, enabling unrestricted file uploads and allowing remote exploitation. Multiple sources note this as a c...
CVE-2024-6417
The CVE-2024-6417 entry concerns SourceCodester Simple Online Bidding System 1.0. The vulnerability is a SQL injection in the admin endpoint /admin/ajax.php?action=delete_user triggered by the id parameter. It is described as remote, with public exploit availability. Impact is SQL injection; in t...
CVE-2024-7800
This CVE concerns SourceCodester Simple Online Bidding System 1.0. A SQL injection vulnerability exists in the admin endpoint /simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product, triggered by manipulating the id parameter. The issue is exploitable remotely and affects the c...
CVE-2024-4932
CVE-2024-4932 is a SQL injection in SourceCodester Simple Online Bidding System 1.0. The vulnerability affects the file /simple-online-bidding-system/admin/index.php?page=manage_user, where manipulation of the id parameter leads to injection. It allows remote exploitation, and th...
CVE-2024-7798
CVE-2024-7798 affects SourceCodester Simple Online Bidding System 1.0. The vulnerability exists in the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2, where manipulation of the username parameter leads to SQL injection. It is exploitable remotely and has been disclosed pu...
CVE-2024-4928
CVE-2024-4928 affects SourceCodester Simple Online Bidding System v1.0. A SQL injection vulnerability exists in the endpoint /simple-online-bidding-system/admin/ajax.php?action=delete_category, where manipulating the id parameter can lead to unauthorized data access via SQL injection. E...
CVE-2024-4930
The CVE-2024-4930 entry concerns SourceCodester Simple Online Bidding System 1.0, with a SQL injection described in the index.php?page=view_prod endpoint due to manipulation of the id parameter. The vulnerability is remote and has been publicly disclosed, implying potential exploitation vectors, t...
CVE-2024-4933
CVE-2024-4933 affects SourceCodester Simple Online Bidding System 1.0, with a SQL injection in the admin page: /simple-online-bidding-system/admin/index.php?page=manage_product where the parameter id can be manipulated. The vulnerability is exploitable remotely and has been disclosed publicly. Va...
CVE-2024-7797
CVE-2024-7797 affects SourceCodester Simple Online Bidding System v1.0. The vulnerability resides in an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login, where manipulation of the username parameter leads to SQL injection. It can be exploited remotely...
CVE-2024-7911
CVE-2024-7911 concerns SourceCodester Simple Online Bidding System 1.0. The vulnerability resides in an unknown part of the file /simple-online-bidding-system/bidding/index.php, where manipulating the parameter page leads to file inclusion. It is exploitable remotely and the exploit has been disc...
CVE-2024-5437
Affected software: SourceCodester Simple Online Bidding System 1.0. The vulnerability is in the save_category function (file /admin/index.php?page=categories) where manipulating the argument name triggers cross-site scripting (XSS). Exploitation is possible remotely and publicly disclosed (VDB-26...
CVE-2024-5428
The CVE-2024-5428 entry applies to SourceCodester Simple Online Bidding System 1.0. The vulnerability is in the HTTP POST Request Handler, specifically the save_product function in /admin/index.php?page=manage_product, where a cross-site request forgery (CSRF) can be triggered remotely. Credible ...