lcg-22266/bug_report

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-27052 ↗	Mar 13, 2023Monday, 13 March 2023, 22:15	9.8 CRITICAL	—
E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php.
CVE-2023-1151 ↗	Mar 2, 2023Thursday, 2 March 2023, 07:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163.
CVE-2023-1113 ↗	Mar 1, 2023Wednesday, 1 March 2023, 10:15	2.4 LOW	3.3 LOW
A vulnerability was found in SourceCodester Simple Payroll System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=admin of the component POST Parameter Handler. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222073 was assigned to this vulnerability.
CVE-2022-44400 ↗	Nov 28, 2022Monday, 28 November 2022, 15:15	9.8 CRITICAL	—
Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.
CVE-2022-44401 ↗	Nov 28, 2022Monday, 28 November 2022, 15:15	9.8 CRITICAL	—
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.