Filtered by vendor Oretnom23
Subscriptions
Total
169 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42242 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | 7.2 High |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. | ||||
| CVE-2022-42241 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | 7.2 High |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. | ||||
| CVE-2022-42232 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | 7.2 High |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. | ||||
| CVE-2022-42243 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | 7.2 High |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. | ||||
| CVE-2022-43317 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2022-43262 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | 9.8 Critical |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. | ||||
| CVE-2022-45218 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | 6.1 Medium |
| Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. | ||||
| CVE-2022-43318 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | 8.8 High |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | ||||
| CVE-2023-46956 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-12-06 | 7.2 High |
| SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. | ||||
| CVE-2023-38965 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-11-13 | 9.8 Critical |
| Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | ||||
| CVE-2023-46435 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-10-30 | 9.8 Critical |
| Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | ||||
| CVE-2021-45252 | 1 Oretnom23 | 1 Simple Forum\/discussion System | 2023-10-18 | 9.8 Critical |
| Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability. | ||||
| CVE-2022-37796 | 1 Oretnom23 | 1 Simple Online Book Store System | 2023-10-18 | 5.4 Medium |
| In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). | ||||
| CVE-2021-44653 | 1 Oretnom23 | 1 Online Magazine Management System | 2023-10-18 | 9.8 Critical |
| Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application. | ||||
| CVE-2023-24202 | 1 Oretnom23 | 1 Raffle Draw System | 2023-10-18 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. | ||||
| CVE-2023-24201 | 1 Oretnom23 | 1 Raffle Draw System | 2023-10-18 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. | ||||
| CVE-2023-24200 | 1 Oretnom23 | 1 Raffle Draw System | 2023-10-18 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. | ||||
| CVE-2023-24199 | 1 Oretnom23 | 1 Raffle Draw System | 2023-10-18 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. | ||||
| CVE-2023-24198 | 1 Oretnom23 | 1 Raffle Draw System | 2023-10-18 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. | ||||
| CVE-2023-31857 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2023-10-04 | 9.8 Critical |
| Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. | ||||