dovankha

9 exploits Active since May 2024
CVE-2024-35469 NOMISEC CRITICAL WRITEUP
Oretnom23 Human Resource Management System - SQL Injection
A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.
1 stars
CVSS 9.8
CVE-2024-34221 NOMISEC HIGH SUSPICIOUS
Sourcecodester HRMS 1.0 - Privilege Escalation
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
CVSS 8.8
CVE-2024-34222 NOMISEC MEDIUM WRITEUP
Sourcecodester HRMS 1.0 - SQL Injection
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.
CVSS 5.9
CVE-2024-34223 NOMISEC MEDIUM WRITEUP
SourceCodester HRMS 1.0 - Info Disclosure
Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allows attackers to approve or reject leave tickets.
CVSS 4.3
CVE-2024-34220 NOMISEC HIGH WORKING POC
Sourcecodester HRMS 1.0 - SQL Injection
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.
CVSS 7.5
CVE-2024-34225 NOMISEC MEDIUM WRITEUP
Computer Laboratory Management System <1.0 - XSS
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the name and shortname parameters.
CVSS 6.1
CVE-2024-34226 NOMISEC CRITICAL WRITEUP
SourceCodester Visitor Management System 1.0 - SQL Injection
SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allows attackers to execute arbitrary SQL commands via the id parameter.
CVSS 9.4
CVE-2024-35468 NOMISEC MEDIUM WRITEUP
Oretnom23 Human Resource Management System - SQL Injection
A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.
CVSS 5.4
CVE-2024-34224 NOMISEC HIGH WRITEUP
Computer Laboratory Management System 1.0 - XSS
Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, and lastname parameters.
CVSS 7.3