Oretnom23: Security Vulnerabilities
A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221493 was assigned to this vulnerability.
CVSS Score
7.3
EPSS Score
0.001
Published
2023-02-19
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-02-07
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability.
CVSS Score
5.0
EPSS Score
0.001
Published
2023-02-06
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-06
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-06
Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-06
Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-06
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-06
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The associated identifier of this vulnerability is VDB-220195.
CVSS Score
5.0
EPSS Score
0.0
Published
2023-02-04
A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-12-15