Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1571 | 1 Datagear | 1 Datagear | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in DataGear up to 4.5.0. This affects an unknown part of the file /analysisProject/pagingQueryData. The manipulation of the argument queryOrder leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223563. | |||||
| CVE-2023-1502 | 1 Alphaware - Simple E-commerce System Project | 1 Alphaware - Simple E-commerce System | 2024-05-17 | N/A | 8.1 HIGH |
| A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-223406 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1827 | 1 Centralized Covid Vaccination Records System Project | 1 Centralized Covid Vaccination Records System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1736 | 1 Young Entrepreneur E-negosyo System Project | 1 Young Entrepreneur E-negosyo System | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this issue is some unknown functionality of the file cart/controller.php?action=add. The manipulation of the argument PROID leads to sql injection. The identifier of this vulnerability is VDB-224624. | |||||
| CVE-2023-1770 | 1 Grade Point Average \(gpa\) Calculator Project | 1 Grade Point Average \(gpa\) Calculator | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected by this vulnerability is the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224671. | |||||
| CVE-2023-1666 | 1 Automatic Question Paper Generator System Project | 1 Automatic Question Paper Generator System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. This vulnerability affects unknown code of the file users/classes/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224104. | |||||
| CVE-2023-1986 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2024-05-17 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225534 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1294 | 1 File Tracker Manager System Project | 1 File Tracker Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222648. | |||||
| CVE-2023-1308 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/adminlog.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222696. | |||||
| CVE-2022-4933 | 1 Atm-consulting | 1 Dolibarr Module Quicksupplierprice | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The patch is identified as ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0946 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability. | |||||
| CVE-2023-1165 | 1 Crmeb | 1 Crmeb | 2024-05-17 | N/A | 7.2 HIGH |
| A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability. | |||||
| CVE-2023-0883 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221350 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0283 | 1 Online Flight Booking Management System Project | 1 Online Flight Booking Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218277 was assigned to this vulnerability. | |||||
| CVE-2023-0532 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2024-05-17 | N/A | 4.7 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability. | |||||
| CVE-2023-0913 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0324 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218426 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1253 | 1 Health Center Patient Record Management System Project | 1 Health Center Patient Record Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222483. | |||||
| CVE-2023-0964 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2024-05-17 | N/A | 8.1 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. VDB-221634 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0981 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. Affected is an unknown function of the component Delete User. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221676. | |||||