wkeyi0x1/vul-report

Releases0

Stars1

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-30849 ↗	Apr 5, 2024Friday, 5 April 2024, 08:15	9.8 CRITICAL	—
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php.
CVE-2024-2754 ↗	Mar 21, 2024Thursday, 21 March 2024, 07:15	4.7 MEDIUM	5.8 MEDIUM
A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544.
CVE-2024-2690 ↗	Mar 20, 2024Wednesday, 20 March 2024, 10:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file /uupdate.php. The manipulation of the argument ima leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257388.
CVE-2024-2331 ↗	Mar 9, 2024Saturday, 9 March 2024, 10:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability.
CVE-2024-2155 ↗	Mar 4, 2024Monday, 4 March 2024, 01:15	4.3 MEDIUM	4 MEDIUM
A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587.
CVE-2024-2156 ↗	Mar 4, 2024Monday, 4 March 2024, 01:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin_class.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255588.
CVE-2024-2150 ↗	Mar 3, 2024Sunday, 3 March 2024, 18:15	5.3 MEDIUM	5 MEDIUM
A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255503.
CVE-2022-28093 ↗	Apr 25, 2022Monday, 25 April 2022, 15:15	9.8 CRITICAL	7.5 HIGH
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-28094 ↗	Apr 25, 2022Monday, 25 April 2022, 15:15	6.1 MEDIUM	4.3 MEDIUM
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php.