Vulnerabilities (CVE)

Total 286889 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-33965 1 Janobe 5 Credit Card, Debit Card Payment, Paypal and 2 more 2024-08-08 N/A 7.5 HIGH
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in '/tubigangarden/admin/mod_accomodation/index.php' parameter.
CVE-2024-33966 1 Janobe 5 Credit Card, Debit Card Payment, Paypal and 2 more 2024-08-08 N/A 7.5 HIGH
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter.
CVE-2024-33967 1 Janobe 5 Credit Card, Debit Card Payment, Paypal and 2 more 2024-08-08 N/A 7.5 HIGH
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter.
CVE-2024-33968 1 Janobe 5 Credit Card, Debit Card Payment, Paypal and 2 more 2024-08-08 N/A 7.5 HIGH
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter.
CVE-2024-33969 1 Janobe 5 Credit Card, Debit Card Payment, Paypal and 2 more 2024-08-08 N/A 7.5 HIGH
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter.
CVE-2024-33970 1 Janobe 5 Credit Card, Debit Card Payment, Paypal and 2 more 2024-08-08 N/A 7.5 HIGH
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter.
CVE-2024-33971 1 Janobe 5 Credit Card, Debit Card Payment, Paypal and 2 more 2024-08-08 N/A 7.5 HIGH
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter.
CVE-2024-33972 1 Janobe 5 Credit Card, Debit Card Payment, Paypal and 2 more 2024-08-08 N/A 7.5 HIGH
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter.
CVE-2024-33973 1 Janobe 5 Credit Card, Debit Card Payment, Paypal and 2 more 2024-08-08 N/A 7.5 HIGH
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter.
CVE-2024-41242 1 Lopalopa 1 Responsive School Management System 2024-08-08 N/A 6.1 MEDIUM
A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
CVE-2024-41245 1 Lopalopa 1 Responsive School Management System 2024-08-08 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details.
CVE-2024-41244 1 Lopalopa 1 Responsive School Management System 2024-08-08 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.
CVE-2024-34479 1 Oretnom23 1 Computer Laboratory Management System 2024-08-08 N/A 9.8 CRITICAL
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.
CVE-2024-41247 1 Lopalopa 1 Responsive School Management System 2024-08-08 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry.
CVE-2024-41248 1 Lopalopa 1 Responsive School Management System 2024-08-08 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry.
CVE-2024-41249 1 Lopalopa 1 Responsive School Management System 2024-08-08 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
CVE-2024-41252 1 Lopalopa 1 Responsive School Management System 2024-08-08 N/A 6.5 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.
CVE-2024-41308 1 Enjayworld 1 Enjay Crm 2024-08-08 N/A 7.8 HIGH
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
CVE-2024-41432 1 Likeshop 1 Likeshop 2024-08-08 N/A 5.3 MEDIUM
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc.
CVE-2024-42232 1 Linux 1 Linux Kernel 2024-08-08 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon < 0") and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed