4 matches found
CVE-2023-30247
CVE-2023-30247 concerns a file upload vulnerability in the Oretnom23 Storage Unit Rental Management System v1.0. The issue allows a remote attacker to execute arbitrary code via the update_settings parameter, with CVSS3.1 indicating a NETWORK attack vector, no user interaction, and a base score o...
CVE-2023-1559
CVE-2023-1559 affects SourceCodester Storage Unit Rental Management System 1.0, with a vulnerability in the file classes/Users.php?f=save that allows an attacker to perform an unrestricted upload. Multiple sources in the Connected documents corroborate the issue and describe remote exploitation p...
CVE-2021-40907
CVE-2021-40907 affects SourceCodester Storage Unit Rental Management System v1 by oretnom23. A SQL injection flaw arises from inadequate validation of externally entered SQL statements in the username parameter of /storage/classes/Login.php, allowing attackers to execute arbitrary SQL commands. N...
CVE-2021-42597
CVE-2021-42597 affects Sourcecodester Storage Unit Rental Management System (SURMS) v1.0 running on PHP 8.0.10 with Apache 2.4.14. A Cross-Site Scripting (XSS) vulnerability exists via the Add New Tenant List Rent List form. Exploitation details are not provided beyond the XSS indication; no reme...