Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7289 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-13 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_payment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273158 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7287 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273156. | |||||
| CVE-2024-7286 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273155. | |||||
| CVE-2024-7288 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_block. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273157 was assigned to this vulnerability. | |||||
| CVE-2024-7320 | 1 Adonesevangelista | 1 Online Blood Bank Management System | 2024-08-12 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. This affects an unknown part of the file /admin/index.php of the component Admin Login. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273231. | |||||
| CVE-2024-6966 | 1 Adonesevangelista | 1 Online Blood Bank Management System | 2024-08-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php of the component Login. The manipulation of the argument user/pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272120. | |||||
| CVE-2024-7306 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in SourceCodester Establishment Billing Management System 1.0. Affected is an unknown function of the file /manage_block.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273198 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-42357 | 1 Shopware | 1 Shopware | 2024-08-12 | N/A | 9.8 CRITICAL |
| Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable SQL-injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | |||||
| CVE-2024-41238 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-12 | N/A | 5.3 MEDIUM |
| A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | |||||
| CVE-2024-7164 | 1 Oretnom23 | 1 School Fees Payment System | 2024-08-12 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272578 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7198 | 1 Oretnom23 | 1 Complaints Report Management System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. This affects an unknown part of the file /admin/manage_station.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272619. | |||||
| CVE-2024-7165 | 1 Oretnom23 | 1 School Fees Payment System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272579. | |||||
| CVE-2024-7167 | 1 Oretnom23 | 1 School Fees Payment System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability. | |||||
| CVE-2024-7197 | 1 Oretnom23 | 1 Complaints Report Management System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7199 | 1 Oretnom23 | 1 Complaints Report Management System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620. | |||||
| CVE-2024-7168 | 1 Oretnom23 | 1 School Fees Payment System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7196 | 1 Oretnom23 | 1 Complaints Report Management System | 2024-08-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272617 was assigned to this vulnerability. | |||||
| CVE-2024-7166 | 1 Oretnom23 | 1 School Fees Payment System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580. | |||||
| CVE-2024-7194 | 1 Angeljudesuarez | 1 Society Management System | 2024-08-12 | N/A | 8.8 HIGH |
| A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272615. | |||||
| CVE-2024-7195 | 1 Angeljudesuarez | 1 Society Management System | 2024-08-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272616. | |||||