Rone

4 exploits Active since Oct 2023
CVE-2023-5580 WRITEUP MEDIUM WRITEUP
SourceCodester Library System 1.0 - SQL Injection via Category Parameter
A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-242145 was assigned to this vulnerability.
CVSS 6.3
CVE-2023-5581 WRITEUP LOW WRITEUP
SourceCodester Medicine Tracker System 1.0 - Cross-Site Scripting via Index.php Page Parameter
A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability.
CVSS 3.5
CVE-2023-5587 WRITEUP MEDIUM WRITEUP
Free Hospital Management System for Small Practices 1.0 - SQL Injection via search Parameter in Parameter Handler
A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2023-5589 WRITEUP HIGH WRITEUP
Judging Management System 1.0 - SQL Injection via login.php Password Parameter
A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242188.
CVSS 7.3