Vendor CVEs
Codeastro
All CVEs
221 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-4064 | 0.00 | — | 0.00 | Apr 29, 2025 | A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The… | |||
| CVE-2025-3998 | 0.00 | — | 0.00 | Apr 28, 2025 | A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has… | |||
| CVE-2025-25776 | 0.00 | — | 0.00 | Apr 28, 2025 | Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing. | |||
| CVE-2025-3975 | 0.00 | — | 0.01 | Apr 27, 2025 | A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The… | |||
| CVE-2025-25775 | 0.00 | — | 0.00 | Apr 25, 2025 | Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. | |||
| CVE-2025-25777 | 0.00 | — | 0.00 | Apr 24, 2025 | Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks. | |||
| CVE-2025-29015 | 0.00 | — | 0.00 | Apr 17, 2025 | Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php. | |||
| CVE-2025-3557 | 0.00 | — | 0.00 | Apr 14, 2025 | A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has… | |||
| CVE-2025-3556 | 0.00 | — | 0.01 | Apr 14, 2025 | A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The… | |||
| CVE-2025-3555 | 0.00 | — | 0.01 | Apr 14, 2025 | A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the… | |||
| CVE-2025-29017 | 0.00 | — | 0.01 | Apr 10, 2025 | A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php. | |||
| CVE-2025-29018 | 0.00 | — | 0.00 | Apr 9, 2025 | A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0. | |||
| CVE-2025-3205 | 0.00 | — | 0.00 | Apr 4, 2025 | A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiate the attack remotely.… | |||
| CVE-2025-2419 | 0.00 | — | 0.00 | Mar 17, 2025 | A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /InsertFeedback.php. The manipulation of the argument txtName/txtEmail/txtMobile/txtFeedback leads to sql injection. It… | |||
| CVE-2025-2384 | 0.00 | — | 0.00 | Mar 17, 2025 | A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /InsertCustomer.php of the component Parameter Handler. The manipulation of the argument… | |||
| CVE-2025-1576 | 0.00 | — | 0.01 | Feb 23, 2025 | A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax_state.php. The manipulation of the argument StateName as part of String leads to sql… | |||
| CVE-2025-1381 | 0.00 | — | 0.00 | Feb 17, 2025 | A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is possible to initiate the… | |||
| CVE-2025-1379 | 0.00 | — | 0.00 | Feb 17, 2025 | A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument city leads to sql injection.… | |||
| CVE-2025-1374 | 0.00 | — | 0.00 | Feb 17, 2025 | A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId leads to sql injection. It is possible to… | |||
| CVE-2025-1197 | 0.00 | — | 0.00 | Feb 12, 2025 | A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/load_user-profile.php. The manipulation of the argument userhash leads to sql… | |||
| CVE-2025-1196 | 0.00 | — | 0.00 | Feb 12, 2025 | A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to… | |||
| CVE-2025-1195 | 0.00 | — | 0.00 | Feb 12, 2025 | A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site… | |||
| CVE-2025-1171 | 0.00 | — | 0.00 | Feb 11, 2025 | A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument Address leads to cross site… | |||
| CVE-2025-1170 | 0.00 | — | 0.00 | Feb 11, 2025 | A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/Category.php. The manipulation of the argument Desc leads to cross site scripting. It is possible to launch… | |||
| CVE-2024-56889 | 0.00 | — | 0.01 | Feb 6, 2025 | Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter. | |||
| CVE-2024-56924 | 0.00 | — | 0.00 | Jan 22, 2025 | A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing… | |||
| CVE-2024-55507 | 0.00 | — | 0.01 | Jan 3, 2025 | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. | |||
| CVE-2024-13070 | 0.00 | — | 0.01 | Dec 31, 2024 | A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_users.php of the component Update User Page. The manipulation of the argument user_upd… | |||
| CVE-2024-13067 | 0.00 | — | 0.01 | Dec 31, 2024 | A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be… | |||
| CVE-2024-13038 | 0.00 | — | 0.01 | Dec 30, 2024 | A vulnerability was found in CodeAstro Simple Loan Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection.… | |||
| CVE-2024-55509 | 0.00 | — | 0.01 | Dec 20, 2024 | SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. | |||
| CVE-2024-55505 | 0.00 | — | 0.01 | Dec 18, 2024 | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. | |||
| CVE-2024-55506 | 0.00 | — | 0.01 | Dec 18, 2024 | An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. | |||
| CVE-2024-11678 | 0.00 | — | 0.00 | Nov 26, 2024 | A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_… | |||
| CVE-2024-11677 | 0.00 | — | 0.00 | Nov 26, 2024 | A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument… | |||
| CVE-2024-11676 | 0.00 | — | 0.00 | Nov 26, 2024 | A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation… | |||
| CVE-2024-11675 | 0.00 | — | 0.00 | Nov 26, 2024 | A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The… | |||
| CVE-2024-11674 | 0.00 | — | 0.01 | Nov 25, 2024 | A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument doc_dpic leads to unrestricted upload. It is possible… | |||
| CVE-2024-11058 | 0.00 | — | 0.01 | Nov 10, 2024 | A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The… | |||
| CVE-2024-11000 | 0.00 | — | 0.01 | Nov 8, 2024 | A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted… | |||
| CVE-2024-10999 | 0.00 | — | 0.01 | Nov 8, 2024 | A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible… | |||
| CVE-2024-48709 | 0.00 | — | 0.00 | Oct 21, 2024 | CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php | |||
| CVE-2024-46236 | 0.00 | — | 0.00 | Oct 21, 2024 | CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. | |||
| CVE-2024-46470 | 0.00 | — | 0.00 | Sep 27, 2024 | Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. | |||
| CVE-2024-46472 | 0.00 | — | 0.00 | Sep 27, 2024 | CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page. | |||
| CVE-2024-46471 | 0.00 | — | 0.01 | Sep 27, 2024 | The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. | |||
| CVE-2024-45528 | 0.00 | — | 0.00 | Sep 2, 2024 | CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. | |||
| CVE-2024-7912 | 0.00 | — | 0.01 | Aug 18, 2024 | A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be… | |||
| CVE-2024-7910 | 0.00 | — | 0.01 | Aug 18, 2024 | A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to… | |||
| CVE-2024-7814 | 0.00 | — | 0.00 | Aug 15, 2024 | A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname… |
- CVE-2025-4064Apr 29, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The…
- CVE-2025-3998Apr 28, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has…
- CVE-2025-25776Apr 28, 2025risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing.
- CVE-2025-3975Apr 27, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The…
- CVE-2025-25775Apr 25, 2025risk 0.00cvss —epss 0.00
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.
- CVE-2025-25777Apr 24, 2025risk 0.00cvss —epss 0.00
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
- CVE-2025-29015Apr 17, 2025risk 0.00cvss —epss 0.00
Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.
- CVE-2025-3557Apr 14, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has…
- CVE-2025-3556Apr 14, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The…
- CVE-2025-3555Apr 14, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the…
- CVE-2025-29017Apr 10, 2025risk 0.00cvss —epss 0.01
A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php.
- CVE-2025-29018Apr 9, 2025risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.
- CVE-2025-3205Apr 4, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiate the attack remotely.…
- CVE-2025-2419Mar 17, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /InsertFeedback.php. The manipulation of the argument txtName/txtEmail/txtMobile/txtFeedback leads to sql injection. It…
- CVE-2025-2384Mar 17, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /InsertCustomer.php of the component Parameter Handler. The manipulation of the argument…
- CVE-2025-1576Feb 23, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax_state.php. The manipulation of the argument StateName as part of String leads to sql…
- CVE-2025-1381Feb 17, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is possible to initiate the…
- CVE-2025-1379Feb 17, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument city leads to sql injection.…
- CVE-2025-1374Feb 17, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId leads to sql injection. It is possible to…
- CVE-2025-1197Feb 12, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/load_user-profile.php. The manipulation of the argument userhash leads to sql…
- CVE-2025-1196Feb 12, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to…
- CVE-2025-1195Feb 12, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site…
- CVE-2025-1171Feb 11, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument Address leads to cross site…
- CVE-2025-1170Feb 11, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/Category.php. The manipulation of the argument Desc leads to cross site scripting. It is possible to launch…
- CVE-2024-56889Feb 6, 2025risk 0.00cvss —epss 0.01
Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.
- CVE-2024-56924Jan 22, 2025risk 0.00cvss —epss 0.00
A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing…
- CVE-2024-55507Jan 3, 2025risk 0.00cvss —epss 0.01
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.
- CVE-2024-13070Dec 31, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_users.php of the component Update User Page. The manipulation of the argument user_upd…
- CVE-2024-13067Dec 31, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be…
- CVE-2024-13038Dec 30, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in CodeAstro Simple Loan Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection.…
- CVE-2024-55509Dec 20, 2024risk 0.00cvss —epss 0.01
SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component.
- CVE-2024-55505Dec 18, 2024risk 0.00cvss —epss 0.01
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component.
- CVE-2024-55506Dec 18, 2024risk 0.00cvss —epss 0.01
An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter.
- CVE-2024-11678Nov 26, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_…
- CVE-2024-11677Nov 26, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument…
- CVE-2024-11676Nov 26, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation…
- CVE-2024-11675Nov 26, 2024risk 0.00cvss —epss 0.00
A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The…
- CVE-2024-11674Nov 25, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument doc_dpic leads to unrestricted upload. It is possible…
- CVE-2024-11058Nov 10, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The…
- CVE-2024-11000Nov 8, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted…
- CVE-2024-10999Nov 8, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible…
- CVE-2024-48709Oct 21, 2024risk 0.00cvss —epss 0.00
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php
- CVE-2024-46236Oct 21, 2024risk 0.00cvss —epss 0.00
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php.
- CVE-2024-46470Sep 27, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component.
- CVE-2024-46472Sep 27, 2024risk 0.00cvss —epss 0.00
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page.
- CVE-2024-46471Sep 27, 2024risk 0.00cvss —epss 0.01
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information.
- CVE-2024-45528Sep 2, 2024risk 0.00cvss —epss 0.00
CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS.
- CVE-2024-7912Aug 18, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be…
- CVE-2024-7910Aug 18, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to…
- CVE-2024-7814Aug 15, 2024risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname…
Page 3 of 5