Angeljudesuarez

All CVEs

221 total · sorted by risk
  • CVE-2024-10805 · Nov 4, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely.…

  • CVE-2024-10760 · Nov 4, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely.…

  • CVE-2024-10700 · Nov 2, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql…

  • CVE-2024-48597 · Oct 21, 2024
    risk 0.00 · cvss · epss 0.00

    Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit.

  • CVE-2024-8217 · Aug 27, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely.…

  • CVE-2024-8139 · Aug 25, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file search_list.php. The manipulation of the argument user leads to sql injection. The attack can be launched…

  • CVE-2024-7913 · Aug 18, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql injection. The attack may…

  • CVE-2024-7839 · Aug 15, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. This affects an unknown part of the file addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2024-42843 · Aug 15, 2024
    risk 0.00 · cvss · epss 0.01

    Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php.

  • CVE-2024-6958 · Jul 21, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /st_update.php of the component Avatar File Handler. The manipulation of the argument personal_image leads to unrestricted…

  • CVE-2024-6957 · Jul 21, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the…

  • CVE-2024-6956 · Jul 21, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in itsourcecode University Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view_cgpa.php. The manipulation of the argument VR/VN leads to sql injection. The attack may be launched…

  • CVE-2024-6952 · Jul 21, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_single_result.php?vr=123321&vn=mirage. The manipulation of the argument seme leads to sql injection. The attack…

  • CVE-2024-35469 · May 30, 2024
    risk 0.00 · cvss · epss 0.01

    A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.

  • CVE-2024-35468 · May 30, 2024
    risk 0.00 · cvss · epss 0.00

    A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.

  • CVE-2024-5116 · May 20, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Affected by this issue is some unknown functionality of the file save.php. The manipulation of the argument vote leads to sql injection. The attack may be launched…

  • CVE-2024-5046 · May 17, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely.…

  • CVE-2024-34221 · May 13, 2024
    risk 0.00 · cvss · epss 0.01

    Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.

  • CVE-2024-34222 · May 13, 2024
    risk 0.00 · cvss · epss 0.00

    Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.

  • CVE-2024-34223 · May 13, 2024
    risk 0.00 · cvss · epss 0.00

    Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allows attackers to approve or reject leave ticket.

  • CVE-2024-34220 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.

  • CVE-2024-1266 · Feb 7, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to…

  • CVE-2024-1265 · Feb 7, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting.…

  • CVE-2023-7108 · Dec 26, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file user_signup.php. The manipulation of the argument firstname with the input <video/src=x onerror=alert(document.domain)> leads to cross site…

  • CVE-2023-7107 · Dec 25, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql…

  • CVE-2023-7106 · Dec 25, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. The manipulation of the argument prod_id leads to sql injection. The attack…

  • CVE-2023-7105 · Dec 25, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file index_search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2023-45121 · Dec 21, 2023
    risk 0.00 · cvss · epss 0.01

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45118 · Dec 21, 2023
    risk 0.00 · cvss · epss 0.01

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45117 · Dec 21, 2023
    risk 0.00 · cvss · epss 0.01

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45116 · Dec 21, 2023
    risk 0.00 · cvss · epss 0.01

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-6425 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability…

  • CVE-2023-6424 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability…

  • CVE-2023-6423 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow…

  • CVE-2023-6422 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could…

  • CVE-2023-45111 · Nov 2, 2023
    risk 0.00 · cvss · epss 0.01

    Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45203 · Nov 1, 2023
    risk 0.00 · cvss · epss 0.00

    Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

  • CVE-2023-45202 · Nov 1, 2023
    risk 0.00 · cvss · epss 0.00

    Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

  • CVE-2023-43470 · Sep 22, 2023
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component.

  • CVE-2023-36256 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.00

    The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the…

  • CVE-2023-3391 · Jun 23, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated…

  • CVE-2022-4278 · Dec 3, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be…

  • CVE-2022-4279 · Dec 3, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the…

  • CVE-2022-4273 · Dec 3, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument…

  • CVE-2022-43318 · Nov 7, 2022
    risk 0.00 · cvss · epss 0.01

    Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php.

  • CVE-2022-43317 · Nov 7, 2022
    risk 0.00 · cvss · epss 0.00

    A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2022-3497 · Oct 14, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It…

  • CVE-2022-3496 · Oct 14, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be…

  • CVE-2022-42066 · Oct 14, 2022
    risk 0.00 · cvss · epss 0.01

    Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php.

  • CVE-2022-3493 · Oct 13, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads…
