Mayurik: Security Vulnerabilities
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-08-12
Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component.
CVSS Score
4.7
EPSS Score
0.004
Published
2024-07-29
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-07-14
Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive information within the application.
CVSS Score
7.5
EPSS Score
0.077
Published
2024-07-05
A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file sms_setting.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270279.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-07-03
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268794 is the identifier assigned to this vulnerability.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-17
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268767.
CVSS Score
6.9
EPSS Score
0.267
Published
2024-06-17
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268461 was assigned to this vulnerability.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-14
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-06-03
Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-06-03