Oretnom23: >> Lost And Found Information System Security Vulnerabilities
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-29
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-29
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-07-29
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-07-29
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution.
CVSS Score
8.4
EPSS Score
0.003
Published
2024-03-07
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
CVSS Score
7.5
EPSS Score
0.0
Published
2024-03-06
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-11-03
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-09-17
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-08-04
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-07-23
Page 1