Vulnerabilities (CVE)

Filtered by vendor Oretnom23 Subscribe
Total 375 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3548 1 Oretnom23 1 Simple Cold Storage Management System 2024-02-28 N/A 4.8 MEDIUM
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048.
CVE-2022-3581 1 Oretnom23 1 Cashier Queuing System 2024-02-28 N/A 6.1 MEDIUM
A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188.
CVE-2022-3470 1 Oretnom23 1 Human Resource Management System 2024-02-28 N/A 6.5 MEDIUM
A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability.
CVE-2022-43318 1 Oretnom23 1 Human Resource Management System 2024-02-28 N/A 8.8 HIGH
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php.
CVE-2022-3579 1 Oretnom23 1 Cashier Queuing System 2024-02-28 N/A 9.8 CRITICAL
A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. This vulnerability affects unknown code of the file /queuing/login.php of the component Login Page. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-211186 is the identifier assigned to this vulnerability.
CVE-2022-3549 1 Oretnom23 1 Simple Cold Storage Management System 2024-02-28 N/A 7.2 HIGH
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability.
CVE-2022-3473 1 Oretnom23 1 Human Resource Management System 2024-02-28 N/A 6.5 MEDIUM
A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability.
CVE-2022-43317 1 Oretnom23 1 Human Resource Management System 2024-02-28 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-3493 1 Oretnom23 1 Human Resource Management System 2024-02-28 N/A 5.4 MEDIUM
A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210773 was assigned to this vulnerability.
CVE-2022-42242 1 Oretnom23 1 Simple Cold Storage Management System 2024-02-28 N/A 7.2 HIGH
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking.
CVE-2021-44653 1 Oretnom23 1 Online Magazine Management System 2024-02-28 7.5 HIGH 9.8 CRITICAL
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
CVE-2021-45252 1 Oretnom23 1 Simple Forum\/discussion System 2024-02-28 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability.
CVE-2021-41645 1 Oretnom23 1 Budget And Expense Tracker System 2024-02-28 6.5 MEDIUM 8.8 HIGH
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. .
CVE-2021-45435 1 Oretnom23 1 Simple Cold Storage Management System 2024-02-28 7.5 HIGH 9.8 CRITICAL
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.
CVE-2021-40247 1 Oretnom23 1 Budget And Expense Tracker System 2024-02-28 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.