Oretnom23: Security Vulnerabilities
Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution.
CVSS Score
9.8
EPSS Score
0.019
Published
2021-11-15
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-11-03
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-11-03
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. .
CVSS Score
8.8
EPSS Score
0.103
Published
2021-10-29
Page 66