Lucene search
Oretnom23 Simple Subscription Website

7 matches found

CVE, added 2021/11/03 6:40 p.m., 186 views

CVE-2021-43141

CVE-2021-43141 affects Sourcecodester Simple Subscription Website 1.0. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via the id parameter in plan_application (and, per some sources, also via users_application). Root cause is improper handling/validation of user input in the a...

CVSS 6.1, AI score 6, EPSS 0.01396
In wild
CVE, added 2022/03/21 10:25 p.m., 94 views

CVE-2022-26283

Simple Subscription Website v1.0 is affected by a SQL injection in the view_plan endpoint (via the id parameter) that enables dumping the database through crafted HTTP requests. Red Hat and other sources corroborate a database‑dump impact; the issue stems from unsafely interpolated id values. Mit...

CVSS 9.8, AI score 9.6, EPSS 0.01532
CVE, added 2021/11/03 6:38 p.m., 80 views

CVE-2021-43140

Sourcecodester Simple Subscription Website 1.0 is affected by a SQL Injection in the login/authentication flow. The vulnerability arises in the login endpoint (e.g., plan_application/Actions.php?a=login) and can be exploited with input like admin' or 1=1-- to bypass authentication and potentially...

CVSS 9.8, AI score 9.8, EPSS 0.04729
Web
CVE, added 2024/03/28 1:31 a.m., 78 views

CVE-2024-3015

CVE-2024-3015 affects SourceCodester Simple Subscription Website 1.0, specifically the manage_plan.php/file path that handles plan management. Affected functionality allows manipulation of the id parameter, leading to SQL injection. The vulnerability is exploitable remotely and, per the sources, ...

CVSS 8.8, AI score 6.9, EPSS 0.00675
CVE, added 2024/03/28 1:0 a.m., 71 views

CVE-2024-3014

Vulnerability summary (CVE-2024-3014): SourceCodester Simple Subscription Website 1.0 contains a SQL injection in the Actions.php file, caused by unsafely handling the title parameter. This allows remote exploitation and aligns with reported public disclosures. Multiple sources confirm the root c...

CVSS 8.8, AI score 6.9, EPSS 0.00675
CVE, added 2024/03/28 3:0 p.m., 68 views

CVE-2024-3042

The CVE-2024-3042 entry applies to SourceCodester Simple Subscription Website 1.0. It documents an SQL injection in the file manage_user.php via the id parameter, caused by improper handling of the input. The vulnerability can be exploited remotely, and public disclosures exist. Remediation/worka...

CVSS 9.1, AI score 6.8, EPSS 0.00609
CVE, added 2024/04/24 1:0 a.m., 39 views

CVE-2024-4093

CVE-2024-4093 affects SourceCodester Simple Subscription Website 1.0. A SQL injection vulnerability exists in view_application.php caused by manipulating the id parameter in an unknown function, enabling remote exploitation. Multiple connected sources confirm a critical severity with high impact ...

CVSS 8.8, AI score 7.3, EPSS 0.00713