Filtered by vendor Oretnom23
Total: 571 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-57522 | 1 Oretnom23 | 1 Packers And Movers Management System | 2025-04-22 | 6.4 Medium |
SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation. | ||||
CVE-2024-57523 | 1 Oretnom23 | 1 Packers And Movers Management System | 2025-04-22 | 4.5 Medium |
Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user. | ||||
CVE-2024-50766 | 2 Oretnom23, Sourcecodester | 2 Survey Application System, Survey Application System | 2025-04-22 | 9.8 Critical |
SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter. | ||||
CVE-2024-40068 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 5.9 Medium |
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1. | ||||
CVE-2024-40069 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 5.4 Medium |
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'. | ||||
CVE-2024-40070 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 5.1 Medium |
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2024-40071 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 9.8 Critical |
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2024-40072 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 9.8 Critical |
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1. | ||||
CVE-2024-40073 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 9.8 Critical |
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4. | ||||
CVE-2024-40074 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 4.8 Medium |
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'. | ||||
CVE-2024-34226 | 1 Oretnom23 | 1 Visitor Management System | 2025-04-22 | 9.4 Critical |
SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allows attackers to execute arbitrary SQL commands via the id parameters. | ||||
CVE-2024-33304 | 2 Oretnom23, Sourcecodester | 2 Product Show Room Site, Product Show Room | 2025-04-22 | 6.1 Medium |
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. | ||||
CVE-2024-33302 | 2 Oretnom23, Sourcecodester | 2 Product Show Room Site, Product Show Room | 2025-04-22 | 5.3 Medium |
SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users. | ||||
CVE-2024-33303 | 2 Oretnom23, Sourcecodester | 2 Product Show Room Site, Product Show Room | 2025-04-22 | 8.2 High |
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users. | ||||
CVE-2023-51801 | 2 Oretnom23, Simple Atudent Attendance System | 2 Simple Student Attendance System, Simple Atudent Attendance System | 2025-04-22 | 9.8 Critical |
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. | ||||
CVE-2024-2145 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-04-22 | 3.5 Low |
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability. | ||||
CVE-2022-45033 | 1 Oretnom23 | 1 Expense Tracker | 2025-04-21 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. | ||||
CVE-2024-34220 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 7.5 High |
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. | ||||
CVE-2024-34221 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 8.8 High |
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. | ||||
CVE-2024-34222 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 5.9 Medium |
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. |