VYPR

Vendor CVEs

Mayurik

All CVEs

199 total · sorted by risk
  • CVE-2023-0533 · Jan 27, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql…

  • CVE-2023-0532 · Jan 27, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The…

  • CVE-2023-0531 · Jan 27, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch…

  • CVE-2023-0530 · Jan 27, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be…

  • CVE-2023-0529 · Jan 27, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be…

  • CVE-2023-0528 · Jan 27, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack…

  • CVE-2023-0516 · Jan 26, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to…

  • CVE-2023-0515 · Jan 26, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads…

  • CVE-2023-0324 · Jan 16, 2023
    risk 0.00 · cvss · epss 0.19

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack…

  • CVE-2022-4403 · Dec 11, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2022-4252 · Dec 1, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The…

  • CVE-2022-4253 · Dec 1, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The…

  • CVE-2022-4222 · Nov 30, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The…

  • CVE-2022-4234 · Nov 30, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be…

  • CVE-2022-44279 · Nov 29, 2022
    risk 0.00 · cvss · epss 0.01

    Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php.

  • CVE-2022-4091 · Nov 25, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack…

  • CVE-2022-43213 · Nov 23, 2022
    risk 0.00 · cvss · epss 0.01

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php.

  • CVE-2022-43215 · Nov 22, 2022
    risk 0.00 · cvss · epss 0.01

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php.

  • CVE-2022-43212 · Nov 22, 2022
    risk 0.00 · cvss · epss 0.01

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.

  • CVE-2022-43265 · Nov 15, 2022
    risk 0.00 · cvss · epss 0.01

    An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-43146 · Nov 14, 2022
    risk 0.00 · cvss · epss 0.01

    An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-43278 · Nov 9, 2022
    risk 0.00 · cvss · epss 0.01

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php.

  • CVE-2022-43290 · Nov 9, 2022
    risk 0.00 · cvss · epss 0.01

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php.

  • CVE-2022-43292 · Nov 9, 2022
    risk 0.00 · cvss · epss 0.01

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php.

  • CVE-2022-43050 · Nov 7, 2022
    risk 0.00 · cvss · epss 0.01

    Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-41551 · Nov 2, 2022
    risk 0.00 · cvss · epss 0.01

    Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php.

  • CVE-2022-43331 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php.

  • CVE-2022-43328 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php.

  • CVE-2022-43231 · Oct 28, 2022
    risk 0.00 · cvss · epss 0.01

    Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-43276 · Oct 28, 2022
    risk 0.00 · cvss · epss 0.01

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php.

  • CVE-2022-3584 · Oct 18, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2022-3583 · Oct 18, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2022-42142 · Oct 17, 2022
    risk 0.00 · cvss · epss 0.01

    Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.

  • CVE-2022-41498 · Oct 17, 2022
    risk 0.00 · cvss · epss 0.01

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php.

  • CVE-2022-41416 · Oct 14, 2022
    risk 0.00 · cvss · epss 0.01

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php.

  • CVE-2022-41514 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan.

  • CVE-2022-41515 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment.

  • CVE-2022-41440 · Sep 30, 2022
    risk 0.00 · cvss · epss 0.01

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php.

  • CVE-2022-41437 · Sep 30, 2022
    risk 0.00 · cvss · epss 0.01

    Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.

  • CVE-2022-40353 · Sep 27, 2022
    risk 0.00 · cvss · epss 0.01

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.

  • CVE-2022-40352 · Sep 27, 2022
    risk 0.00 · cvss · epss 0.01

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php.

  • CVE-2022-40099 · Sep 26, 2022
    risk 0.00 · cvss · epss 0.01

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php.

  • CVE-2022-40093 · Sep 23, 2022
    risk 0.00 · cvss · epss 0.01

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php.

  • CVE-2022-40092 · Sep 23, 2022
    risk 0.00 · cvss · epss 0.01

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php.

  • CVE-2022-40091 · Sep 23, 2022
    risk 0.00 · cvss · epss 0.01

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php.

  • CVE-2022-38877 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.

  • CVE-2022-38606 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.01

    Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.

  • CVE-2022-2802 · Aug 12, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. This vulnerability affects unknown code of the file gasmark/login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated…

  • CVE-2022-2779 · Aug 12, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The…

Page 4 of 4