webraybtl

62 exploits Active since Mar 2022
CVE-2022-2578 WRITEUP MEDIUM WRITEUP
SourceCodester Garage Management System 1.0 - Info Disclosure
A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2022-2579 WRITEUP LOW WRITEUP
SourceCodester Garage Management System 1.0 - XSS
A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src="" onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2022-2765 WRITEUP MEDIUM WRITEUP
Company Website CMS 1.0 - Improper Authentication in Dashboard Settings
A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/settings. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206161 was assigned to this vulnerability.
CVSS 6.3
CVE-2022-2769 WRITEUP LOW WRITEUP
SourceCodester Company Website CMS - Cross-Site Scripting via /dashboard/contact Phone Parameter
A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206165 was assigned to this vulnerability.
CVSS 3.5
CVE-2022-3120 WRITEUP HIGH WRITEUP
Clinic's Patient Management System - SQL Injection via Login Index.php User Name Parameter
A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847.
CVSS 7.3
CVE-2022-3122 WRITEUP MEDIUM WRITEUP
Clinic's Patient Management System 1.0 - SQL Injection via Medicine Parameter in medicine_details.php
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2022-3583 WRITEUP HIGH WRITEUP
SourceCodester Canteen Management System 1.0 - SQL Injection
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211192.
CVSS 7.3
CVE-2022-3584 WRITEUP MEDIUM WRITEUP
SourceCodester Canteen Management System 1.0 - SQL Injection
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211193 was assigned to this vulnerability.
CVSS 6.3
CVE-2022-4855 WRITEUP HIGH WRITEUP
SourceCodester Lead Management System 1.0 - SQL Injection
A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020.
CVSS 7.3
CVE-2023-6310 WRITEUP MEDIUM WRITEUP
SourceCodester Loan Management System 1.0 - SQL Injection
A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function delete_borrower of the file deleteBorrower.php. The manipulation of the argument borrower_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246136.
CVSS 4.7
CVE-2023-6311 WRITEUP MEDIUM WRITEUP
SourceCodester Loan Management System 1.0 - SQL Injection
A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical. This issue affects the function delete_ltype of the file delete_ltype.php of the component Loan Type Page. The manipulation of the argument ltype_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246137 was assigned to this vulnerability.
CVSS 4.7
CVE-2023-6312 WRITEUP MEDIUM WRITEUP
SourceCodester Loan Management System 1.0 - SQL Injection
A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function delete_user of the file deleteUser.php of the component Users Page. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246138 is the identifier assigned to this vulnerability.
CVSS 4.7
CVE-2023-6945 WRITEUP LOW WRITEUP
Online Student Management System 1.0 - Cross-Site Scripting via edit-student-detail.php notmsg Parameter
A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability.
CVSS 2.4
CVE-2024-7643 WRITEUP MEDIUM WRITEUP
SourceCodester Leads Manager Tool 1.0 - SQL Injection via Delete Leads Handler
A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2024-7644 WRITEUP LOW WRITEUP
SourceCodester Leads Manager Tool 1.0 - Cross-Site Scripting via Add Leads Handler
A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2024-7748 WRITEUP MEDIUM WRITEUP
SourceCodester Accounts Manager App 1.0 - SQL Injection via /endpoint/delete-account.php Account Parameter
A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0. This issue affects some unknown processing of the file /endpoint/delete-account.php. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2024-7749 WRITEUP LOW WRITEUP
SourceCodester Accounts Manager App 1.0 - Cross-Site Scripting via account_name Parameter
A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument account_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2024-7792 WRITEUP MEDIUM WRITEUP
SourceCodester Task Progress Tracker 1.0 - SQL Injection via task Parameter in delete-task.php
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2024-7793 WRITEUP LOW WRITEUP
SourceCodester Task Progress Tracker 1.0 - Cross-Site Scripting via task_name Parameter
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2024-8338 WRITEUP MEDIUM WRITEUP
HFO4 shudong-share 2.4.7 - Unrestricted Upload
A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.3
CVE-2024-8339 WRITEUP MEDIUM WRITEUP
SourceCodester Electric Billing Management System 1.0 - SQL Injection
A vulnerability was found in SourceCodester Electric Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?page=tracks of the component Connection Code Handler. The manipulation of the argument code leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2024-8340 WRITEUP HIGH WRITEUP
SourceCodester Electric Billing Management System 1.0 - SQL Injection
A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2024-8341 WRITEUP MEDIUM WRITEUP
SourceCodester Petshop Management System 1.0 - Unrestricted Upload
A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2024-8342 WRITEUP MEDIUM WRITEUP
SourceCodester Petshop Management System 1.0 - Unrestricted Upload
A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. The manipulation of the argument image_profile leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2024-9033 WRITEUP LOW WRITEUP
Best House Rental Management System 1.0 - Stored Cross-Site Scripting via /ajax.php name Parameter
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5