Oretnom23: Security Vulnerabilities
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.
CVSS Score
9.8
EPSS Score
0.078
Published
2022-01-21
An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-01-21
An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-01-21
The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-12-23
Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-12-21
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-12-15
Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution.
CVSS Score
9.8
EPSS Score
0.038
Published
2021-11-15
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-11-03
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-11-03
Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-10-29