Vendor CVEs
Oretnom23
All CVEs
440 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-28026 | | | 0.00 | — | 0.01 | | Apr 21, 2022 | Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=. |
| CVE-2022-28415 | | | 0.00 | — | 0.01 | | Apr 21, 2022 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection. |
| CVE-2022-28417 | | | 0.00 | — | 0.01 | | Apr 21, 2022 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase. |
| CVE-2022-28468 | | | 0.00 | — | 0.02 | | Apr 5, 2022 | Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. |
| CVE-2022-28116 | | | 0.00 | — | 0.01 | | Apr 5, 2022 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. |
| CVE-2022-27304 | | | 0.00 | — | 0.01 | | Apr 5, 2022 | Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. |
| CVE-2022-27123 | | | 0.00 | — | 0.01 | | Apr 5, 2022 | Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. |
| CVE-2022-26170 | | | 0.00 | — | 0.01 | | Mar 2, 2022 | Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. |
| CVE-2022-26169 | | | 0.00 | — | 0.01 | | Mar 2, 2022 | Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. |
| CVE-2022-25045 | | | 0.00 | — | 0.01 | | Mar 2, 2022 | Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. |
| CVE-2022-25016 | | | 0.00 | — | 0.02 | | Mar 2, 2022 | Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-25028 | | | 0.00 | — | 0.01 | | Feb 28, 2022 | Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. |
| CVE-2022-25096 | | | 0.00 | — | 0.02 | | Feb 25, 2022 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. |
| CVE-2022-25095 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. |
| CVE-2022-24582 | | | 0.00 | — | 0.01 | | Feb 22, 2022 | Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of… |
| CVE-2021-45435 | | | 0.00 | — | 0.01 | | Jan 28, 2022 | An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php. |
| CVE-2021-46451 | | | 0.00 | — | 0.01 | | Jan 24, 2022 | An SQL Injection vulnerability exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function. |
| CVE-2021-41928 | | | 0.00 | — | 0.02 | | Jan 24, 2022 | SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page. |
| CVE-2021-42168 | | | 0.00 | — | 0.01 | | Jan 24, 2022 | Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page. |
| CVE-2021-41930 | | | 0.00 | — | 0.01 | | Jan 24, 2022 | Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php. |
| CVE-2021-41929 | | | 0.00 | — | 0.01 | | Jan 24, 2022 | Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23, allows attackers to execute arbitrary code via the about page. |
| CVE-2021-41659 | | | 0.00 | — | 0.01 | | Jan 24, 2022 | SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field. |
| CVE-2021-40909 | | | 0.00 | — | 0.02 | | Jan 24, 2022 | Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud. |
| CVE-2021-40595 | | | 0.00 | — | 0.01 | | Jan 21, 2022 | SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php. |
| CVE-2021-46201 | | | 0.00 | — | 0.02 | | Jan 21, 2022 | An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node. |
| CVE-2021-46198 | | | 0.00 | — | 0.02 | | Jan 21, 2022 | An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app. |
| CVE-2021-46061 | | | 0.00 | — | 0.02 | | Jan 20, 2022 | An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app. |
| CVE-2021-45252 | | | 0.00 | — | 0.01 | | Dec 21, 2021 | Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0. For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this… |
| CVE-2021-37803 | | | 0.00 | — | 0.02 | | Oct 27, 2021 | An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php. |
| CVE-2021-42169 | | | 0.00 | — | 0.03 | | Oct 22, 2021 | The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no… |
| CVE-2021-36622 | | | 0.00 | — | 0.02 | | Aug 3, 2021 | Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as… |
| CVE-2021-35458 | | | 0.00 | — | 0.02 | | Jul 27, 2021 | Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter. |
| CVE-2021-25212 | | | 0.00 | — | 0.01 | | Jul 22, 2021 | SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. |
| CVE-2021-25210 | | | 0.00 | — | 0.01 | | Jul 22, 2021 | Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. |
| CVE-2021-35456 | | | 0.00 | — | 0.02 | | Jun 28, 2021 | Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload |
| CVE-2020-35272 | | | 0.00 | — | 0.01 | | Jan 20, 2021 | Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields. |
| CVE-2020-28071 | | | 0.00 | — | 0.01 | | Dec 23, 2020 | SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS payload in the description textarea called 'about' and reach a stored XSS. |
| CVE-2020-28070 | | | 0.00 | — | 0.23 | | Dec 23, 2020 | SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter. |
| CVE-2020-28072 | | | 0.00 | — | 0.03 | | Dec 15, 2020 | A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE. |
| CVE-2020-28129 | | | 0.00 | — | 0.01 | | Nov 17, 2020 | Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'. |