Vendor CVEs
Angeljudesuarez
All CVEs
221 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-10805 | 0.00 | — | 0.01 | Nov 4, 2024 | A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely.… | |||
| CVE-2024-10760 | 0.00 | — | 0.00 | Nov 4, 2024 | A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely.… | |||
| CVE-2024-10700 | 0.00 | — | 0.01 | Nov 2, 2024 | A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql… | |||
| CVE-2024-48597 | 0.00 | — | 0.00 | Oct 21, 2024 | Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit. | |||
| CVE-2024-8217 | 0.00 | — | 0.01 | Aug 27, 2024 | A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely.… | |||
| CVE-2024-8139 | 0.00 | — | 0.01 | Aug 25, 2024 | A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file search_list.php. The manipulation of the argument user leads to sql injection. The attack can be launched… | |||
| CVE-2024-7913 | 0.00 | — | 0.01 | Aug 18, 2024 | A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql injection. The attack may… | |||
| CVE-2024-7839 | 0.00 | — | 0.01 | Aug 15, 2024 | A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. This affects an unknown part of the file addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been… | |||
| CVE-2024-42843 | 0.00 | — | 0.01 | Aug 15, 2024 | Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | |||
| CVE-2024-6958 | 0.00 | — | 0.01 | Jul 21, 2024 | A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /st_update.php of the component Avatar File Handler. The manipulation of the argument personal_image leads to unrestricted… | |||
| CVE-2024-6957 | 0.00 | — | 0.01 | Jul 21, 2024 | A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the… | |||
| CVE-2024-6956 | 0.00 | — | 0.01 | Jul 21, 2024 | A vulnerability was found in itsourcecode University Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view_cgpa.php. The manipulation of the argument VR/VN leads to sql injection. The attack may be launched… | |||
| CVE-2024-6952 | 0.00 | — | 0.01 | Jul 21, 2024 | A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_single_result.php?vr=123321&vn=mirage. The manipulation of the argument seme leads to sql injection. The attack… | |||
| CVE-2024-35469 | 0.00 | — | 0.01 | May 30, 2024 | A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. | |||
| CVE-2024-35468 | 0.00 | — | 0.00 | May 30, 2024 | A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. | |||
| CVE-2024-5116 | 0.00 | — | 0.01 | May 20, 2024 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Affected by this issue is some unknown functionality of the file save.php. The manipulation of the argument vote leads to sql injection. The attack may be launched… | |||
| CVE-2024-5046 | 0.00 | — | 0.01 | May 17, 2024 | A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely.… | |||
| CVE-2024-34221 | 0.00 | — | 0.01 | May 13, 2024 | Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. | |||
| CVE-2024-34222 | 0.00 | — | 0.00 | May 13, 2024 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. | |||
| CVE-2024-34223 | 0.00 | — | 0.00 | May 13, 2024 | Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. | |||
| CVE-2024-34220 | 0.00 | — | 0.01 | May 9, 2024 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. | |||
| CVE-2024-1266 | 0.00 | — | 0.01 | Feb 7, 2024 | A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to… | |||
| CVE-2024-1265 | 0.00 | — | 0.00 | Feb 7, 2024 | A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting.… | |||
| CVE-2023-7108 | 0.00 | — | 0.01 | Dec 26, 2023 | A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file user_signup.php. The manipulation of the argument firstname with the input <video/src=x onerror=alert(document.domain)> leads to cross site… | |||
| CVE-2023-7107 | 0.00 | — | 0.01 | Dec 25, 2023 | A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql… | |||
| CVE-2023-7106 | 0.00 | — | 0.01 | Dec 25, 2023 | A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. The manipulation of the argument prod_id leads to sql injection. The attack… | |||
| CVE-2023-7105 | 0.00 | — | 0.01 | Dec 25, 2023 | A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file index_search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The… | |||
| CVE-2023-45121 | 0.00 | — | 0.01 | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-45118 | 0.00 | — | 0.01 | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-45117 | 0.00 | — | 0.01 | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-45116 | 0.00 | — | 0.01 | Dec 21, 2023 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-6425 | 0.00 | — | 0.00 | Nov 30, 2023 | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability… | |||
| CVE-2023-6424 | 0.00 | — | 0.00 | Nov 30, 2023 | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability… | |||
| CVE-2023-6423 | 0.00 | — | 0.00 | Nov 30, 2023 | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow… | |||
| CVE-2023-6422 | 0.00 | — | 0.00 | Nov 30, 2023 | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could… | |||
| CVE-2023-45111 | 0.00 | — | 0.01 | Nov 2, 2023 | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-45203 | 0.00 | — | 0.00 | Nov 1, 2023 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||
| CVE-2023-45202 | 0.00 | — | 0.00 | Nov 1, 2023 | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||
| CVE-2023-43470 | 0.00 | — | 0.01 | Sep 22, 2023 | SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component. | |||
| CVE-2023-36256 | 0.00 | — | 0.00 | Jul 7, 2023 | The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the… | |||
| CVE-2023-3391 | 0.00 | — | 0.01 | Jun 23, 2023 | A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated… | |||
| CVE-2022-4278 | 0.00 | — | 0.01 | Dec 3, 2022 | A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be… | |||
| CVE-2022-4279 | 0.00 | — | 0.01 | Dec 3, 2022 | A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the… | |||
| CVE-2022-4273 | 0.00 | — | 0.01 | Dec 3, 2022 | A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument… | |||
| CVE-2022-43318 | 0.00 | — | 0.01 | Nov 7, 2022 | Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | |||
| CVE-2022-43317 | 0.00 | — | 0.00 | Nov 7, 2022 | A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2022-3497 | 0.00 | — | 0.00 | Oct 14, 2022 | A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It… | |||
| CVE-2022-3496 | 0.00 | — | 0.00 | Oct 14, 2022 | A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be… | |||
| CVE-2022-42066 | 0.00 | — | 0.01 | Oct 14, 2022 | Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | |||
| CVE-2022-3493 | 0.00 | — | 0.00 | Oct 13, 2022 | A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads… |