Filtered by vendor Oretnom23
Subscribe
Total
564 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52675 | 1 Oretnom23 | 1 Sentiment Based Movie Rating System | 2025-04-24 | N/A | 9.8 CRITICAL |
| SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php. | |||||
| CVE-2023-44752 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php. | |||||
| CVE-2022-46089 | 1 Oretnom23 | 1 Online Flight Booking Management System | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter. | |||||
| CVE-2023-24204 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-04-23 | N/A | 5.4 MEDIUM |
| SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php. | |||||
| CVE-2023-24203 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-04-23 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s). | |||||
| CVE-2024-37858 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. | |||||
| CVE-2024-37859 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. | |||||
| CVE-2024-37857 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. | |||||
| CVE-2024-48454 | 1 Oretnom23 | 1 Purchase Order Management System | 2025-04-23 | N/A | 7.2 HIGH |
| An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component | |||||
| CVE-2024-57522 | 1 Oretnom23 | 1 Packers And Movers Management System | 2025-04-22 | N/A | 6.4 MEDIUM |
| SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation. | |||||
| CVE-2024-57523 | 1 Oretnom23 | 1 Packers And Movers Management System | 2025-04-22 | N/A | 4.5 MEDIUM |
| Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user. | |||||
| CVE-2024-50766 | 1 Oretnom23 | 1 Survey Application System | 2025-04-22 | N/A | 9.8 CRITICAL |
| SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter. | |||||
| CVE-2024-40068 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.9 MEDIUM |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1. | |||||
| CVE-2024-40069 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.4 MEDIUM |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'. | |||||
| CVE-2024-40070 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.1 MEDIUM |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2024-40071 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 9.8 CRITICAL |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2024-40072 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 9.8 CRITICAL |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1. | |||||
| CVE-2024-40073 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 9.8 CRITICAL |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4. | |||||
| CVE-2024-40074 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 4.8 MEDIUM |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'. | |||||
| CVE-2024-34226 | 1 Oretnom23 | 1 Visitor Management System | 2025-04-22 | N/A | 9.4 CRITICAL |
| SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters. | |||||