redtrib3/CVEs

Releases0

Reports for CVEs assigned to me.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-51326 ↗	Nov 4, 2024Monday, 4 November 2024, 18:15	7.5 HIGH	—
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.
CVE-2024-51327 ↗	Nov 4, 2024Monday, 4 November 2024, 18:15	9.8 CRITICAL	—
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
CVE-2024-51328 ↗	Nov 4, 2024Monday, 4 November 2024, 18:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.
CVE-2024-51329 ↗	Nov 4, 2024Monday, 4 November 2024, 18:15	8.8 HIGH	—
A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.