Oretnom23: Security Vulnerabilities
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability.
CVSS Score
4.7
EPSS Score
0.002
Published
2022-10-17
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-14
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability
CVSS Score
4.3
EPSS Score
0.001
Published
2022-10-14
Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-14
Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF).
CVSS Score
8.8
EPSS Score
0.001
Published
2022-10-14
Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-10-14
A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-10-14
A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2022-10-14
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-10-14
A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772.
CVSS Score
6.3
EPSS Score
0.002
Published
2022-10-13