zyairelai

6 exploits Active since Apr 2024
CVE-2024-3443 WRITEUP LOW WRITEUP
Prison Management System 1.0 - Cross-Site Scripting via txtstart_date/txtend_date Parameters
A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696.
CVSS 3.5
CVE-2024-3617 WRITEUP MEDIUM WRITEUP
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate_case.php id Parameter
A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability.
CVSS 4.7
CVE-2024-3618 WRITEUP MEDIUM WRITEUP
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via Activate Case ID Parameter
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability.
CVSS 4.7
CVE-2024-3619 WRITEUP MEDIUM WRITEUP
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via addcase_stage.php cname Parameter
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /control/addcase_stage.php. The manipulation of the argument cname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260275.
CVSS 4.7
CVE-2024-3620 WRITEUP MEDIUM WRITEUP
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via /control/adds.php Parameter Manipulation
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260276.
CVSS 4.7
CVE-2024-3621 WRITEUP MEDIUM WRITEUP
SourceCodester Kortex Lite Advocate Office Management System 1.0 SQL Injection via register_case.php
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument title/case_no/client_name/court/case_type/case_stage/legel_acts/description/filling_date/hearing_date/opposite_lawyer/total_fees/unpaid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260277 was assigned to this vulnerability.
CVSS 4.7