sh3rl0ckpgp

4 exploits Active since Nov 2024
CVE-2024-11213 WRITEUP MEDIUM WRITEUP
Best Employee Management System 1.0 - SQL Injection via /admin/edit_role.php id Parameter
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.7
CVE-2024-11214 WRITEUP MEDIUM WRITEUP
Best Employee Management System 1.0 - Unrestricted File Upload via Profile Image Parameter
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes.
CVSS 4.7
CVE-2024-11243 WRITEUP MEDIUM WRITEUP
code-projects Online Shop Store 1.0 - Cross-Site Scripting via /signup.php m2 Parameter
A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3
CVE-2024-11250 WRITEUP MEDIUM WRITEUP
code-projects Inventory Management <= 1.0 - SQL Injection via /model/editProduct.php id Parameter
A vulnerability was found in code-projects Inventory Management up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /model/editProduct.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3