Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1038 | 1 Online Reviewer Management System Project | 1 Online Reviewer Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221796. | |||||
| CVE-2023-1053 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819. | |||||
| CVE-2023-0758 | 1 Jfinaloa Project | 1 Jfinaloa | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability. | |||||
| CVE-2023-0912 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability. | |||||
| CVE-2023-1058 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823. | |||||
| CVE-2023-1290 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Affected by this issue is some unknown functionality of the file admin/clients/view_client.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222644. | |||||
| CVE-2023-0938 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability. | |||||
| CVE-2023-0781 | 1 Canteen Management System Project | 1 Canteen Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624. | |||||
| CVE-2023-0962 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221632. | |||||
| CVE-2023-0534 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2024-05-17 | N/A | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603. | |||||
| CVE-2023-1322 | 1 Lmxcms | 1 Lmxcms | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728. | |||||
| CVE-2022-4855 | 1 Lead Management System Project | 1 Lead Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020. | |||||
| CVE-2022-4860 | 1 Kbase | 1 Metrics | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059. | |||||
| CVE-2022-4739 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester School Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-216775. | |||||
| CVE-2022-4737 | 1 Blood Bank Management System Project | 1 Blood Bank Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The identifier VDB-216773 was assigned to this vulnerability. | |||||
| CVE-2022-3671 | 1 Elearning System Project | 1 Elearning System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-4308 | 1 Lboro | 1 Webpa | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The identifier of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability. | |||||
| CVE-2021-4298 | 1 Nd | 1 Sipity | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. This affects the function SearchCriteriaForWorksParameter of the file app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. The manipulation leads to sql injection. Upgrading to version 2021.8 is able to address this issue. The patch is named d1704c7363b899ffce65be03a796a0ee5fdbfbdc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217179. | |||||
| CVE-2021-4328 | 1 Lionfish Cms Project | 1 Lionfish Cms | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in ???CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222223. | |||||
| CVE-2021-4301 | 1 Phpwcms | 1 Phpwcms | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is identified as 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability. | |||||