7 matches found
CVE-2021-43141
CVE-2021-43141 affects Sourcecodester Simple Subscription Website 1.0. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the id parameter in plan_application (and, per some sources, also via users_application). The root cause is improper handling/validation of user input in the a...
CVE-2022-26283
Simple Subscription Website v1.0 is affected by a SQL injection in the view_plan endpoint (via the id parameter) that enables dumping the database through crafted HTTP requests. Red Hat and other sources corroborate a database-dump impact; the issue stems from unsafely interpolated id values. Mit...
CVE-2021-43140
Sourcecodester Simple Subscription Website 1.0 is affected by a SQL Injection in the login/authentication flow. The vulnerability arises in the login endpoint (e.g., plan_application/Actions.php?a=login) and can be exploited with input like admin' or 1=1-- to bypass authentication and potentially...
CVE-2024-3015
CVE-2024-3015 affects SourceCodester Simple Subscription Website 1.0, specifically the manage_plan.php file, which handles plan management. The affected functionality allows manipulation of the id parameter, leading to SQL injection. The vulnerability is exploitable remotely and, per the sources, ...
CVE-2024-3014
Vulnerability summary (CVE-2024-3014): SourceCodester Simple Subscription Website 1.0 contains a SQL injection in the Actions.php file, caused by unsafely handling the title parameter. This allows remote exploitation and aligns with reported public disclosures. Multiple sources confirm the root c...
CVE-2024-3042
The CVE-2024-3042 entry applies to SourceCodester Simple Subscription Website 1.0. It documents an SQL injection in the file manage_user.php via the id parameter, caused by improper handling of the input. The vulnerability can be exploited remotely, and public disclosures exist. Remediation/worka...
CVE-2024-4093
CVE-2024-4093 affects SourceCodester Simple Subscription Website 1.0. A SQL injection vulnerability exists in view_application.php caused by manipulating the id parameter in an unknown function, enabling remote exploitation. Multiple connected sources confirm a critical severity with high impact ...