Codeastro: Security Vulnerabilities
Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-04-17
A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php.
CVSS Score
8.8
EPSS Score
0.008
Published
2025-04-10
A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-04-09
A vulnerability, which was classified as critical, has been found in CodeAstro Car Rental System 1.0. Affected by this issue is some unknown functionality of the file /returncar.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-04-04
A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-04-04
Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-02-06
A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-01-22
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-01-03
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_users.php of the component Update User Page. The manipulation of the argument user_upd leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-12-31
A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-12-31