Filtered by vendor Oretnom23
Subscribe
Total
168 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3548 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048. | |||||
CVE-2021-45435 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php. | |||||
CVE-2022-3546 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability. | |||||
CVE-2022-43317 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2022-43262 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 9.8 CRITICAL |
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. | |||||
CVE-2022-45218 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 6.1 MEDIUM |
Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. | |||||
CVE-2022-43318 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 8.8 HIGH |
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | |||||
CVE-2023-46956 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-12-10 | N/A | 7.2 HIGH |
SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. | |||||
CVE-2023-43456 | 1 Oretnom23 | 1 Service Provider Management System | 2023-12-10 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint. | |||||
CVE-2023-31704 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2023-12-10 | N/A | 9.8 CRITICAL |
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role. | |||||
CVE-2023-38965 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-12-10 | N/A | 9.8 CRITICAL |
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | |||||
CVE-2023-36159 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-12-10 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | |||||
CVE-2023-30415 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-12-10 | N/A | 9.8 CRITICAL |
Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | |||||
CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | |||||
CVE-2023-46435 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-12-10 | N/A | 9.8 CRITICAL |
Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | |||||
CVE-2023-44048 | 1 Oretnom23 | 1 Expense Tracker | 2023-12-10 | N/A | 5.4 MEDIUM |
Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. | |||||
CVE-2023-33592 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-12-10 | N/A | 9.8 CRITICAL |
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. | |||||
CVE-2023-31857 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2023-12-10 | N/A | 9.8 CRITICAL |
Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. | |||||
CVE-2023-34581 | 1 Oretnom23 | 1 Service Provider Management System | 2023-12-10 | N/A | 9.8 CRITICAL |
Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 | |||||
CVE-2023-24199 | 1 Oretnom23 | 1 Raffle Draw System | 2023-12-10 | N/A | 9.8 CRITICAL |
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. |