Burak Sevben

64 exploits Active since Jan 2024
CVE-2024-24135 NOMISEC MEDIUM WRITEUP
Product Inventory with Export to Excel 1.0 - Stored Cross-Site Scripting in Product Name and Code
Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.
CVSS 6.1
CVE-2024-24134 NOMISEC MEDIUM WRITEUP
Sourcecodester Online Food Menu 1.0 - Stored Cross-Site Scripting via Menu Name and Description Fields
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.
CVSS 4.8
CVE-2024-24136 NOMISEC MEDIUM WRITEUP
Sourcecodester Math Game with Leaderboard 1.0 - Stored Cross-Site Scripting via Your Name Field
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.
CVSS 6.1
CVE-2024-24141 NOMISEC CRITICAL WRITEUP
Sourcecodester School Task Manager App 1.0 - SQL Injection via Task Parameter
Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.
CVSS 9.8
CVE-2024-24140 NOMISEC HIGH WRITEUP
Daily Habit Tracker App 1.0 - SQL Injection via Tracker Parameter
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the 'tracker' parameter.
CVSS 7.2
CVE-2024-24142 NOMISEC CRITICAL WRITEUP
Sourcecodester School Task Manager 1.0 - SQL Injection via Subject Parameter
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
CVSS 9.8
CVE-2024-24139 NOMISEC HIGH WRITEUP
Login System with Email Verification 1.0 - SQL Injection via User Parameter
Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter.
CVSS 7.2
CVE-2024-25207 WRITEUP MEDIUM WRITEUP
Barangay Population Monitoring System v1.0 - XSS
Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter.
CVSS 5.4
CVE-2024-25208 WRITEUP MEDIUM WRITEUP
Barangay Population Monitoring System v1.0 - XSS
Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter.
CVSS 5.4
CVE-2024-25209 WRITEUP CRITICAL WRITEUP
Barangay Population Monitoring System 1.0 - SQL Injection
Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.
CVSS 9.8
CVE-2024-25210 WRITEUP CRITICAL WRITEUP
Simple Expense Tracker v1.0 - SQL Injection
Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.
CVSS 9.8
CVE-2024-25211 WRITEUP CRITICAL WRITEUP
Simple Expense Tracker v1.0 - SQL Injection
Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.
CVSS 9.8
CVE-2024-25212 WRITEUP HIGH WRITEUP
Employee Managment System v1.0 - SQL Injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.
CVSS 7.2
CVE-2024-25213 WRITEUP HIGH WRITEUP
Employee Managment System v1.0 - SQL Injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.
CVSS 7.2
CVE-2024-25214 WRITEUP CRITICAL WRITEUP
Employee Managment System v1.0 - Auth Bypass
An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.
CVSS 9.8
CVE-2024-25215 WRITEUP CRITICAL WRITEUP
Employee Managment System v1.0 - SQL Injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
CVSS 9.8
CVE-2024-25216 WRITEUP CRITICAL WRITEUP
Employee Managment System v1.0 - SQL Injection
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.
CVSS 9.8
CVE-2024-25217 WRITEUP CRITICAL WRITEUP
Online Medicine Ordering System v1.0 - SQL Injection
Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product.
CVSS 9.8
CVE-2024-25218 WRITEUP MEDIUM WRITEUP
Task Manager App 1.0 - Cross-Site Scripting via Project Name Parameter
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter at /TaskManager/Projects.php.
CVSS 6.1
CVE-2024-25219 WRITEUP MEDIUM WRITEUP
Task Manager App 1.0 - Cross-Site Scripting via Task Name Parameter
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter at /TaskManager/Task.php.
CVSS 6.1
CVE-2024-25220 WRITEUP CRITICAL WRITEUP
Task Manager App v1.0 - SQL Injection
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.
CVSS 9.8
CVE-2024-25221 WRITEUP MEDIUM WRITEUP
Task Manager App 1.0 - Cross-Site Scripting via Note Section Parameter
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.
CVSS 6.1
CVE-2024-25222 WRITEUP CRITICAL WRITEUP
Task Manager App v1.0 - SQL Injection
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.
CVSS 9.8
CVE-2024-25223 WRITEUP CRITICAL WRITEUP
Simple Admin Panel App v1.0 - SQL Injection
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.
CVSS 9.8
CVE-2024-25224 WRITEUP MEDIUM WRITEUP
Simple Admin Panel App 1.0 - Stored Cross-Site Scripting via Size Number Parameter
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.
CVSS 5.4