0xQRx/VulnerabilityResearch

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-25350 ↗	Feb 28, 2024Wednesday, 28 February 2024, 22:15	9.8 CRITICAL	—
SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters.
CVE-2024-25351 ↗	Feb 28, 2024Wednesday, 28 February 2024, 22:15	3.8 LOW	—
SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.
CVE-2024-25866 ↗	Feb 28, 2024Wednesday, 28 February 2024, 22:15	8.8 HIGH	—
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component.
CVE-2024-25867 ↗	Feb 28, 2024Wednesday, 28 February 2024, 22:15	9.1 CRITICAL	—
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component.
CVE-2024-25868 ↗	Feb 28, 2024Wednesday, 28 February 2024, 22:15	6.1 MEDIUM	—
A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component.
CVE-2024-25869 ↗	Feb 28, 2024Wednesday, 28 February 2024, 22:15	8.8 HIGH	—
An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component.
CVE-2024-24494 ↗	Feb 8, 2024Thursday, 8 February 2024, 21:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
CVE-2024-24495 ↗	Feb 8, 2024Thursday, 8 February 2024, 21:15	9.8 CRITICAL	—
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
CVE-2024-24496 ↗	Feb 8, 2024Thursday, 8 February 2024, 21:15	9.8 CRITICAL	—
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
CVE-2024-24497 ↗	Feb 8, 2024Thursday, 8 February 2024, 21:15	—	—
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1009. Reason: This candidate is a duplicate of CVE-2024-1009. Notes: All CVE users should reference CVE-2024-1009 instead of this candidate.
CVE-2024-24498 ↗	Feb 8, 2024Thursday, 8 February 2024, 21:15	—	—
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1008. Reason: This candidate is a duplicate of CVE-2024-1008. Notes: All CVE users should reference CVE-2024-1008 instead of this candidate.
CVE-2024-24499 ↗	Feb 8, 2024Thursday, 8 February 2024, 21:15	—	—
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1007. Reason: This candidate is a duplicate of CVE-2024-1007. Notes: All CVE users should reference CVE-2024-1007 instead of this candidate.