Vendor CVEs
Codeastro
All CVEs
221 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6042 | 0.00 | — | 0.01 | Jun 16, 2024 | A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be… | |||
| CVE-2024-5101 | 0.00 | — | 0.01 | May 19, 2024 | A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file updateproduct.php. The manipulation of the argument ITEM leads to sql injection. The attack can be initiated remotely.… | |||
| CVE-2024-5100 | 0.00 | — | 0.00 | May 19, 2024 | A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been classified as critical. This affects an unknown part of the file tableedit.php. The manipulation of the argument from/to leads to sql injection. It is possible to initiate the attack remotely.… | |||
| CVE-2024-5099 | 0.00 | — | 0.00 | May 19, 2024 | A vulnerability was found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updateprice.php. The manipulation of the argument ITEM leads to sql injection. The attack may be launched… | |||
| CVE-2024-5098 | 0.00 | — | 0.00 | May 19, 2024 | A vulnerability has been found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The exploit has been… | |||
| CVE-2024-5097 | 0.00 | — | 0.00 | May 19, 2024 | A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is… | |||
| CVE-2024-2351 | 0.00 | — | 0.01 | Mar 9, 2024 | A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The… | |||
| CVE-2024-2333 | 0.00 | — | 0.01 | Mar 9, 2024 | A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The… | |||
| CVE-2024-2149 | 0.00 | — | 0.01 | Mar 3, 2024 | A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit… | |||
| CVE-2024-25866 | 0.00 | — | 0.01 | Feb 28, 2024 | A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component. | |||
| CVE-2024-25868 | 0.00 | — | 0.01 | Feb 28, 2024 | A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component. | |||
| CVE-2024-25867 | 0.00 | — | 0.01 | Feb 28, 2024 | A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component. | |||
| CVE-2024-1924 | 0.00 | — | 0.00 | Feb 27, 2024 | A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /get_membership_amount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate… | |||
| CVE-2024-1823 | 0.00 | — | 0.01 | Feb 23, 2024 | A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched… | |||
| CVE-2024-1819 | 0.00 | — | 0.01 | Feb 23, 2024 | A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the component Add Members Tab. The manipulation of the argument Member Photo leads to unrestricted upload. It is possible to initiate the… | |||
| CVE-2024-1818 | 0.00 | — | 0.01 | Feb 23, 2024 | A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched… | |||
| CVE-2024-1268 | 0.00 | — | 0.01 | Feb 7, 2024 | A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been… | |||
| CVE-2024-1267 | 0.00 | — | 0.00 | Feb 7, 2024 | A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack… | |||
| CVE-2024-1103 | 0.00 | — | 0.01 | Jan 31, 2024 | A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input… | |||
| CVE-2024-1031 | 0.00 | — | 0.00 | Jan 30, 2024 | A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross… | |||
| CVE-2024-0958 | 0.00 | — | 0.01 | Jan 27, 2024 | A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to… | |||
| CVE-2024-0782 | 0.00 | — | 0.01 | Jan 22, 2024 | A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting.… | |||
| CVE-2024-0781 | 0.00 | — | 0.01 | Jan 22, 2024 | A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0;… | |||
| CVE-2024-0773 | 0.00 | — | 0.01 | Jan 21, 2024 | A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The… | |||
| CVE-2024-0543 | 0.00 | — | 0.01 | Jan 15, 2024 | A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely.… | |||
| CVE-2024-0424 | 0.00 | — | 0.01 | Jan 11, 2024 | A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack… | |||
| CVE-2024-0423 | 0.00 | — | 0.01 | Jan 11, 2024 | A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be… | |||
| CVE-2024-0346 | 0.00 | — | 0.01 | Jan 9, 2024 | A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross… | |||
| CVE-2024-0345 | 0.00 | — | 0.01 | Jan 9, 2024 | A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input… | |||
| CVE-2024-0247 | 0.00 | — | 0.01 | Jan 5, 2024 | A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated… | |||
| CVE-2024-0194 | 0.00 | — | 0.01 | Jan 2, 2024 | A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The… | |||
| CVE-2023-48689 | 0.00 | — | 0.01 | Dec 21, 2023 | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-48687 | 0.00 | — | 0.01 | Dec 21, 2023 | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-48685 | 0.00 | — | 0.01 | Dec 21, 2023 | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-5796 | 0.00 | — | 0.01 | Oct 26, 2023 | A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The… | |||
| CVE-2023-5795 | 0.00 | — | 0.01 | Oct 26, 2023 | A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be… | |||
| CVE-2023-5699 | 0.00 | — | 0.01 | Oct 22, 2023 | A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&%<ScRiPt… | |||
| CVE-2023-5698 | 0.00 | — | 0.01 | Oct 22, 2023 | A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><!-… | |||
| CVE-2023-5697 | 0.00 | — | 0.01 | Oct 22, 2023 | A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument account_number with the input 287359614--><!--… | |||
| CVE-2023-5696 | 0.00 | — | 0.00 | Oct 22, 2023 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input… | |||
| CVE-2023-5695 | 0.00 | — | 0.01 | Oct 22, 2023 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input… | |||
| CVE-2023-5694 | 0.00 | — | 0.01 | Oct 22, 2023 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input leads to cross… | |||
| CVE-2023-5693 | 0.00 | — | 0.01 | Oct 22, 2023 | A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The… | |||
| CVE-2023-44174 | 0.00 | — | 0.00 | Sep 28, 2023 | Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. | |||
| CVE-2022-45990 | 0.00 | — | 0.00 | Dec 5, 2022 | A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. | |||
| CVE-2022-2688 | 0.00 | — | 0.00 | Aug 6, 2022 | A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql… | |||
| CVE-2022-33061 | 0.00 | — | 0.01 | Jun 29, 2022 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. | |||
| CVE-2022-33060 | 0.00 | — | 0.01 | Jun 29, 2022 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. | |||
| CVE-2022-33059 | 0.00 | — | 0.01 | Jun 29, 2022 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. | |||
| CVE-2022-33058 | 0.00 | — | 0.01 | Jun 29, 2022 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. |