Burak Sevben

64 exploits Active since Jan 2024
CVE-2024-25225 WRITEUP MEDIUM WRITEUP
Simple Admin Panel App 1.0 - Cross-Site Scripting via Category Name Parameter
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.
CVSS 5.4
CVE-2024-25226 WRITEUP MEDIUM WRITEUP
Simple Admin Panel App 1.0 - Cross-Site Scripting via Category Name Parameter
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.
CVSS 6.1
CVE-2024-2934 WRITEUP MEDIUM WRITEUP
SourceCodester Todo List 1.0 - SQL Injection
A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258013 was assigned to this vulnerability.
CVSS 6.3
CVE-2024-2935 WRITEUP LOW WRITEUP
SourceCodester Todo List in Kanban Board 1.0 - Cross-Site Scripting via Todo Argument
A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2024-3000 WRITEUP HIGH WRITEUP
Online Book System 1.0 - SQL Injection via Username/Password Parameters
A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258202 is the identifier assigned to this vulnerability.
CVSS 7.3
CVE-2024-3001 WRITEUP MEDIUM WRITEUP
Online Book System 1.0 - SQL Injection via Product.php Value Parameter
A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258203.
CVSS 6.3
CVE-2024-3002 WRITEUP MEDIUM WRITEUP
Online Book System 1.0 - SQL Injection via ID Parameter in description.php
A vulnerability, which was classified as critical, was found in code-projects Online Book System 1.0. Affected is an unknown function of the file /description.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258204.
CVSS 6.3
CVE-2024-3003 WRITEUP MEDIUM WRITEUP
Online Book System 1.0 - SQL Injection via cart.php quantity/remove Parameter
A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258205 was assigned to this vulnerability.
CVSS 6.3
CVE-2024-3004 WRITEUP LOW WRITEUP
Online Book System 1.0 - Cross-Site Scripting via Product.php Value Parameter
A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258206 is the identifier assigned to this vulnerability.
CVSS 3.5
CVE-2024-3767 WRITEUP MEDIUM WRITEUP
PHPGurukul News Portal 4.1 - SQL Injection via Post Title or Category Parameter
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2024-3768 WRITEUP MEDIUM WRITEUP
PHPGurukul News Portal 4.1 - SQL Injection via searchtitle Parameter
A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615.
CVSS 6.3
CVE-2024-3769 WRITEUP HIGH WRITEUP
PHPGurukul Student Record System 3.20 - SQL Injection via Login Page
A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260616.
CVSS 7.3
CVE-2024-3770 WRITEUP MEDIUM WRITEUP
PHPGurukul Student Record System 3.20 - SQL Injection via manage-courses.php del Parameter
A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260617 was assigned to this vulnerability.
CVSS 6.3
CVE-2024-3771 WRITEUP MEDIUM WRITEUP
PHPGurukul Student Record System 3.20 - SQL Injection via edit-subject.php sub1/sub2/sub3/sub4/udate Parameters
A vulnerability was found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this issue is some unknown functionality of the file /edit-subject.php. The manipulation of the argument sub1/sub2/sub3/sub4/udate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260618 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2024-3797 WRITEUP MEDIUM WRITEUP
SourceCodester QR Code Bookmark System 1.0 - SQL Injection
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260764.
CVSS 6.3
CVE-2024-4967 WRITEUP MEDIUM WRITEUP
SourceCodester Interactive Map 1.0 - SQL Injection
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264535.
CVSS 6.3
CVE-2024-4968 WRITEUP LOW WRITEUP
SourceCodester Interactive Map 1.0 - XSS
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Marker Name of the component Add Marker. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264536.
CVSS 3.5
CVE-2024-4972 WRITEUP MEDIUM WRITEUP
Simple Chat System 1.0 - SQL Injection
A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264537 was assigned to this vulnerability.
CVSS 6.3
CVE-2024-4973 WRITEUP MEDIUM WRITEUP
Simple Chat System 1.0 - SQL Injection
A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument name/number/address leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264538 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2024-4974 WRITEUP LOW WRITEUP
code-projects Simple Chat System 1.0 - Cross-Site Scripting via Register Name Parameter
A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0. Affected is an unknown function of the file /register.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264540.
CVSS 3.5
CVE-2024-4975 WRITEUP LOW WRITEUP
code-projects Simple Chat System 1.0 - Cross-Site Scripting in Message Handler
A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. This issue affects some unknown processing of the component Message Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264539.
CVSS 3.5
CVE-2024-5048 WRITEUP MEDIUM WRITEUP
code-projects Budget Management 1.0 - SQL Injection via edit Parameter
A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264745 was assigned to this vulnerability.
CVSS 6.3
CVE-2024-5063 WRITEUP HIGH WRITEUP
PHPGurukul Online Course Registration System 3.1 - SQL Injection via Admin Login
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264922 is the identifier assigned to this vulnerability.
CVSS 7.3
CVE-2024-5064 WRITEUP HIGH WRITEUP
PHPGurukul Online Course Registration System 3.1 - SQL Injection via News Details nid Parameter
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264923.
CVSS 7.3
CVE-2024-5065 WRITEUP HIGH WRITEUP
PHPGurukul Online Course Registration System 3.1 - SQL Injection via Regno Parameter
A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264924.
CVSS 7.3